sanic-cors

by ashleysommer

ashleysommer /sanic-cors

A Sanic extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possib...

135 Stars 20 Forks Last release: 7 months ago (0.10.0.post3) MIT License 399 Commits 32 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Sanic-CORS

|Build Status| |Latest Version| |Supported Python versions| |License|

A Sanic extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Based on

flask-cors 
__ by Cory Dolphin.

This package has a simple philosophy, when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc. By default, submission of cookies across domains is disabled due to the security implications, please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of

CSRF 
__ protection before doing so!

Notice: Please upgrade to Sanic-CORS v0.10.0 if you need compatibility with Sanic v19.12+. See

here 
_ for more details.

Installation

Install the extension with using pip, or easy_install.

.. code:: bash

$ pip install -U sanic-cors

Usage

This package exposes a Sanic extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage ~~~~~~~~~~~~

In the simplest case, initialize the Sanic-Cors extension with default arguments in order to allow CORS for all domains on all routes.

.. code:: python

from sanic import Sanic
from sanic.response import text
from sanic_cors import CORS, cross_origin

app = Sanic(name) CORS(app)

@app.route("/", methods=['GET', 'OPTIONS']) def hello_world(request): return text("Hello, cross-origin-world!")

Resource specific CORS ^^^^^^^^^^^^^^^^^^^^^^

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the

resources
option, mapping paths to a set of options.

.. code:: python

app = Sanic(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users", methods=['GET', 'OPTIONS']) def list_users(request): return text("user example")

Route specific CORS via decorator ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This extension also exposes a simple decorator to decorate sanic routes with. Simply add

@cross_origin(app)
below a call to Sanic's
@app.route(..)
to allow CORS on a given route.

.. code:: python

@app.route("/", methods=['GET', 'OPTIONS'])
@cross_origin(app)
def hello_world(request):
  return text("Hello, cross-origin-world!")

SPF Usage ~~~~~~~~~~~~

Sanic-CORS uses Sanic-Plugins-Framework behind the scenes. That means you can use SPF to load the plugin for you if you are orchestrating and application with multiple SPF plugins.

.. code:: python

from sanic import Sanic
from sanic.response import text
from spf import SanicPluginsFramework
from sanic_cors.extension import cors
app = Sanic(__name__)
spf = SanicPluginsFramework(app)
spf.register_plugin(cors, automatic_options=True)

@app.route("/", methods=['GET', 'OPTIONS']) def hello_world(request): return text("Hello, cross-origin-world!")

Documentation

For a full list of options, please see the flask-cors

documentation 
__.

Preflight Requests

CORS requests have to send

pre-flight requests 
_ via the options method, Sanic by default only allows the
GET
method, in order to service your CORS requests you must specify
OPTIONS
in the methods argument to your routes decorator.

Sanic-CORS includes an

automatic_options
configuration parameter to allow the plugin handle the
OPTIONS
response automatically for you. This is enabled by default, but you can turn it off if you wish to do your own
OPTIONS
response.

.. code:: python

CORS(app, automatic_options=True)

@app.delete('/api/auth') @auth.login_required async def auth_logout(request): auth.logout_user(request) return json(None, status=OK)

or with the app config key:

.. code:: python

app = Sanic(__name__)
app.config['CORS_AUTOMATIC_OPTIONS'] = True

CORS(app)

@app.delete('/api/auth') @auth.login_required async def auth_logout(request): auth.logout_user(request) return json(None, status=OK)

or directly on the route with the

cross_origin
decorator:

.. code:: python

@app.route('/api/auth', methods={'DELETE','OPTIONS'})
@auth.login_required
@cross_origin(app, automatic_options=True)
async def auth_logout(request):
    auth.logout_user(request)
    return json(None, status=OK)

Note: For the third example, you must use

@route()
, rather than
@delete()
because you need to enable both
DELETE
and
OPTIONS
to work on that route, even though the decorator is handling the
OPTIONS
response.

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

.. code:: python

logging.getLogger('sanic_cors').level = logging.DEBUG

Tests

A simple set of tests is included in

test/
. To run, install nose, and simply invoke
nosetests
or
python setup.py test
to exercise the tests.

Contributing

Questions, comments or improvements? Please create an issue on

Github 
__. I do my best to include every contribution proposed in any way that I can.

Credits

This Sanic extension is based upon the

Decorator for the HTTP Access
Control 
__ written by Armin Ronacher.

.. |Build Status| image:: https://api.travis-ci.org/ashleysommer/sanic-cors.svg?branch=master :target: https://travis-ci.org/ashleysommer/sanic-cors .. |Latest Version| image:: https://img.shields.io/pypi/v/Sanic-Cors.svg :target: https://pypi.python.org/pypi/Sanic-Cors/ .. |Supported Python versions| image:: https://img.shields.io/pypi/pyversions/Sanic-Cors.svg :target: https://img.shields.io/pypi/pyversions/Sanic-Cors.svg .. |License| image:: http://img.shields.io/:license-mit-blue.svg :target: https://pypi.python.org/pypi/Sanic-Cors/

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.