No version for distro humble showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro jazzy showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro kilted showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro rolling showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro ardent showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro bouncy showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro crystal showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro eloquent showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro dashing showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro galactic showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro foxy showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro iron showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro lunar showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Third-Party Package

This third-party package's source repository does not contain a package manifest. Instead, its package manifest is stored in its release repository. In order to build this package from source in a Catkin workspace, please download its package manifest.

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
indigo

Third-Party Package

This third-party package's source repository does not contain a package manifest. Instead, its package manifest is stored in its release repository. In order to build this package from source in a Catkin workspace, please download its package manifest.

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro hydro showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
kinetic

Third-Party Package

This third-party package's source repository does not contain a package manifest. Instead, its package manifest is stored in its release repository. In order to build this package from source in a Catkin workspace, please download its package manifest.

Package Summary

Tags No category tags.
Version 3.0.3
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

Name Deps
rostful

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro melodic showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange

No version for distro noetic showing jade. Known supported distros are highlighted in the buttons above.
Package symbol

flask_cors package from flask_cors repo

flask_cors

ROS Distro
jade

Package Summary

Tags No category tags.
Version 3.0.2
License BSD
Build type CATKIN
Use RECOMMENDED

Repository Summary

Checkout URI https://github.com/corydolphin/flask-cors.git
VCS Type git
VCS Version master
Last Updated 2025-06-11
Dev Status DEVELOPED
CI status No Continuous Integration
Released RELEASED
Tags No category tags.
Contributing Help Wanted (0)
Good First Issues (0)
Pull Requests to Review (0)

Package Description

Cross Origin Resource Sharing ( CORS ) support for Flask

Additional Links

Maintainers

  • AlexV

Authors

  • Cory Dolphin

Flask-CORS

Build
Status Latest
Version Supported Python
versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the [resources]{.title-ref} option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

``` python

File truncated at 100 lines see the full file

CHANGELOG

Change Log

3.1.01

  • Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
  • two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
  • Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
  • FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
  • Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
  • Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
  • ‘Access-Control-Allow-Private-Network = true’ header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
  • docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
  • [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. “/api/../foo.txt” would incorrectly match resources for “/api/*” whereas the path actually expands simply to “/foo.txt”

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from ‘collections’ in Python 3.7. Thank you @juanmaneo and @jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of ‘*’ is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an “?” are not properly matched.

3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an ‘Origin’ header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I’ll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

Other improvements:

  • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
  • Makes Flask-CORS compatible with OAuthLib’s custom header class … (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
  • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
  • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba

2.1.3

Fixes Vary:Origin header sending behavior when regex origins are used.

2.1.2

Fixes package installation. Requirements.txt was not included in Manifest.

2.1.1

Stop dynamically referecing logger.

Disable internal logging by default and reduce logging verbosity

2.1.0

Adds support for Flask Blueprints.

2.0.1

Fixes Issue #124 where only the first of multiple headers with the same name would be passed through.

2.0.0

New Defaults

  1. New defaults allow all origins, all headers.

Breaking Changes

  1. Removed always_send option.
  2. Removed ‘headers’ option as a backwards-compatible alias for ‘allowed_headers’ to reduce confusion.

2.0.0rc1

Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

Update default options and parameters in a backwards incompatible way.

By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not

File truncated at 100 lines see the full file

Wiki Tutorials

This package does not provide any links to tutorials in it's rosindex metadata. You can check on the ROS Wiki Tutorials page for the package.

Package Dependencies

System Dependencies

Dependant Packages

No known dependants.

Launch files

No launch files found

Messages

No message files found.

Services

No service files found

Plugins

No plugins found.

Recent questions tagged flask_cors at Robotics Stack Exchange