我想自己设置"Access-Control-Allow-Origin"响应头,但似乎很难确定请求中带有的"HTTP_ORIGIN"参数在哪里。
我正在使用flask - 0.10.1,而HTTP_ORIGIN
似乎是这个对象
的属性之一。
flask.request.environ
当处理请求时,我从 print flask.request.environ
得到了以下内容:
{
"wsgi.multiprocess": false,
"HTTP_REFERER": "http://www.freemerce.com/product/77104116",
"SERVER_SOFTWARE": "Werkzeug/0.9.6",
"SCRIPT_NAME": "",
"REQUEST_METHOD": "GET",
"PATH_INFO": "/prod/sync_req",
"HTTP_ORIGIN": "http://www.freemerce.com",
"SERVER_PROTOCOL": "HTTP/1.1",
"QUERY_STRING": "",
"werkzeug.server.shutdown": "<function shutdown_server at 0x4060e60>",
"CONTENT_LENGTH": "",
"HTTP_USER_AGENT": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36",
"HTTP_CONNECTION": "keep-alive",
"SERVER_NAME": "0.0.0.0",
"REMOTE_PORT": 53690,
"wsgi.url_scheme": "http",
"SERVER_PORT": "80",
"werkzeug.request": "<Request http://192.168.0.10/prod/sync_req [GET]>",
"wsgi.input": "<socket._fileobject object at 0x405e1d0>",
"HTTP_DNT": "1",
"HTTP_HOST": "192.168.0.10:80",
"wsgi.multithread": false,
"HTTP_ACCEPT": "*/*",
"HTTP_RA_SID": "DB52333D-20140914-070803-53c316-5f3242",
"wsgi.version": "(1, 0)",
"wsgi.run_once": false,
"HTTP_RA_VER": "2.8.7",
"wsgi.errors": "<open file <stderr>, mode 'w' at 0x7f57d074c270>",
"REMOTE_ADDR": "192.168.0.131",
"HTTP_ACCEPT_LANGUAGE": "en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4,ja;q=0.2,zh-TW;q=0.2",
"CONTENT_TYPE": "",
"HTTP_ACCEPT_ENCODING": "gzip, deflate, sdch"
}
这将为您提供答案。
from flask import request
...
print(request.environ.get('HTTP_ORIGIN', 'default value'))
request.environ.get('HTTP_ORIGIN', 'default value')
is better, to avoid KeyError
- Bob Stein这里是例子:
from flask import request
...
allow_origin_list = ['https://example.com', 'http://example.com']
if 'HTTP_ORIGIN' in request.environ and request.environ['HTTP_ORIGIN'] in allow_origin_list:
response.headers.add('Access-Control-Allow-Origin', request.environ['HTTP_ORIGIN'] )
response.headers.add('Access-Control-Allow-Headers', 'access-control-allow-origin,content-type')
response.headers.add('Access-Control-Allow-Methods', 'GET,POST')
如下面的代码所示,对于最新的 Flask 模块版本,在 flask.request.environ
中没有 HTTP_ORIGIN
键:
for key in request.environ.keys():
print(key, ' : ',request.environ[key])
我建议使用这个:
client_addr = request.environ['REMOTE_ADDR']
client_port = request.environ['REMOTE_PORT']
client_URL = 'http://' + client_addr + ':' + str(client_port)
request.environ.get('HTTP_ORIGIN', 'default value')
是提取它的方法,可以避免某些用户出现 KeyError 的情况。(猜测涉及某种浏览器隐身功能。) - Bob Stein