You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Whether to deal with Flask exception handlers or leave them alone (with respect to CORS headers).
55
55
56
56
CORS_MAX_AGE (:py:class:`~datetime.timedelta`, :py:class:`int` or :py:class:`str`)
57
-
The maximum time for which this CORS request may be cached.
57
+
The maximum time for which this CORS request may be cached.
58
58
This value is set as the :http:header:`Access-Control-Max-Age` header.
59
59
60
60
CORS_METHODS (:py:class:`~typing.List` or :py:class:`str`)
61
61
The method(s) which the allowed origins are allowed to access.
62
62
These are included in the :http:header:`Access-Control-Allow-Methods` response headers to the preflight OPTIONS requests.
63
-
63
+
64
64
.. _cors_origins_setting:
65
65
66
66
CORS_ORIGINS (:py:class:`~typing.List`, :py:class:`str` or :py:class:`re.Pattern`)
67
67
The origin(s) to allow requests from.
68
68
An origin configured here that matches the value of the :http:header:`Origin` header in a preflight OPTIONS request is returned as the value of the :http:header:`Access-Control-Allow-Origin` response header.
69
69
70
70
CORS_RESOURCES (:py:class:`~typing.Dict`, :py:class:`~typing.List` or :py:class:`str`)
71
-
The series of regular expression and (optionally) associated CORS options to be applied to the given resource path.
72
-
71
+
The series of regular expression and (optionally) associated CORS options to be applied to the given resource path.
72
+
73
73
If the value is a dictionary, it's keys must be regular expressions matching resources, and the values must be another dictionary of configuration options, as described in this section.
74
-
75
-
If the argument is a list, it is expected to be a list of regular expressions matching resources for which the app-wide configured options are applied.
76
-
77
-
If the argument is a string, it is expected to be a regular expression matching resources for which the app-wide configured options are applied.
74
+
75
+
If the argument is a list, it is expected to be a list of regular expressions matching resources for which the app-wide configured options are applied.
76
+
77
+
If the argument is a string, it is expected to be a regular expression matching resources for which the app-wide configured options are applied.
78
78
79
79
CORS_SEND_WILDCARD (:py:class:`bool`)
80
80
If :ref:`CORS_ORIGINS <cors_origins_setting>` is ``"*"`` and this is true, then the :http:header:`Access-Control-Allow-Origin` response header's value with be ``"*"`` as well, instead of the value of the :http:header:`Origin` request header.
81
81
82
82
CORS_SUPPORTS_CREDENTIALS (:py:class:`bool`)
83
-
Allows users to make authenticated requests.
84
-
If true, injects the :http:header:`Access-Control-Allow-Credentials` header in responses.
85
-
This allows cookies and credentials to be submitted across domains.
86
-
87
-
:note: This option cannot be used in conjunction with a "*" origin
83
+
Allows users to make authenticated requests.
84
+
If true, injects the :http:header:`Access-Control-Allow-Credentials` header in responses.
85
+
This allows cookies and credentials to be submitted across domains.
86
+
87
+
:note: This option cannot be used in conjunction with a "*" origin
88
88
89
89
CORS_VARY_HEADER: (:py:class:`bool`)
90
90
Enables or disables the injection of the :http:header:`Vary` response header is set to ``Origin``.
0 commit comments