CORS not working #697

Closed
alexpana opened this issue Apr 28, 2018 · 12 comments

@alexpana

I'm trying to connect to socketio from the create-react-app dev server, but the flask server isn't returning Access-Control-Allow-Origin: *.

Here is the request from the create-react-app server (running on port 3000):

[Screenshot: request from react]

And here is the request from a html file served by flask:

[Screenshot: request from flask]

Opening the html file locally (with file:///.../index.html) doesn't work either.

Is this the intended behavior? How can I get flask to play nice with other servers?

@miguelgrinberg
Owner

The two screenshots that you shared are for Socket.IO requests, I don't see any being for a HTML file. Note that both show a URL that begins with http://localhost:5000/socket.io/....

How did you initialize the SocketIO extension? The lack of CORS headers in the first screenshot makes me think you are using a non-default configuration for CORS.

@alexpana
Author

alexpana commented Apr 28, 2018

Thank you for the reply, I'll do my best to clarify.

> The two screenshots that you shared are for Socket.IO requests, I don't see any being for a HTML file.

The second screenshot is a Socket.IO request from a html file served by flask. The first is being made from a html file served by a node dev server. Notice the difference in the Host header.

> How did you initialize the SocketIO extension?

In gizmo/gizmo/__init__.py I have:

socketio = SocketIO()
def create_app():
    ...
    socketio.init_app(app, cors_allowed_origins="*")

and then in gizmo/run.py I have:

from gizmo import create_app, socketio

app = create_app()

if __name__ == '__main__':
    socketio.run(app, host="localhost")

I run the server with python run.py

@miguelgrinberg
Owner

This is the documentation for the cors_allowed_origins setting:

cors_allowed_origins – List of origins that are allowed to connect to this server. All origins are allowed by default.

If you want to allow all origins, do not include this setting, or set it to None. If you want to allow specific origins, provide a list of those origins in this argument. You are setting the argument to *, which is not an allowed value.

@alexpana
Author

Removing the cors_allowed_origins='*' parameter worked, thank you very much.

However, I did read the documentation several times, and I still find the description lacking. Setting '*' as wildcard for allowed origins is very common, and even Flask-CORS allows it. I think being invalid for socketio is counterintuitive, and should at least be mentioned in the docs.

The reason people would choose to set it despite it being the default is because a) defaults can change (although this might break quite a lot of apps) and b) it's explicit (explicit is better than implicit, as the zen goes).

miguelgrinberg added a commit to miguelgrinberg/python-engineio that referenced this issue Apr 30, 2018
@miguelgrinberg
Owner

miguelgrinberg commented Apr 30, 2018

@alexpana I actually followed your advice and expanded the cors_allowed_origins a bit. You can now set it to '*' or None (or omit it) to allow all origins. You can also set it to a string to allow a single origin, or set it to a list of strings if you have more than one allowed origin. Thanks!

Commit: miguelgrinberg/python-engineio@8f3d6ec
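
Added example, not part of the original thread and not Flask-SocketIO or python-engineio code: a stand-alone model of the origin check with the semantics described in the April 30, 2018 comment above ('*' or None for all origins, a string for one, a list for several), run over constructed origins matching the setups mentioned in this issue. The function names and the header policy are assumptions; a later comment in this thread reports that None behaves differently on newer versions, so the current documentation decides what a given release does.

```python
# Added example: a stand-alone model of the origin check, not Flask-SocketIO
# or python-engineio code. Function names are hypothetical.

def origin_allowed(origin, cors_allowed_origins):
    """Decide whether a request's Origin header value is accepted.

    Semantics follow the April 30, 2018 comment: '*' or None allows every
    origin, a string allows one origin, a list allows any listed origin.
    """
    if cors_allowed_origins is None or cors_allowed_origins == "*":
        return True
    if isinstance(cors_allowed_origins, str):
        cors_allowed_origins = [cors_allowed_origins]
    # Exact string comparison: scheme, host and port must all match.
    return origin in cors_allowed_origins


def cors_headers(origin, cors_allowed_origins):
    """Return the CORS response headers for a request (assumed policy:
    echo the accepted origin; send no CORS header when it is rejected)."""
    if origin is None or not origin_allowed(origin, cors_allowed_origins):
        return {}
    return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}


# Constructed sample origins, based on the setups mentioned in this thread.
SAMPLE_ORIGINS = [
    "http://localhost:3000",   # create-react-app dev server
    "http://localhost:5000",   # page served by the Flask app itself
    "null",                    # what browsers send for a file:// page
    "http://localhost:3000.lookalike.example",  # look-alike host
]


def accepted(cors_allowed_origins):
    """List which sample origins a given setting accepts."""
    return [o for o in SAMPLE_ORIGINS if origin_allowed(o, cors_allowed_origins)]


if __name__ == "__main__":
    for setting in ("*", None, "http://localhost:3000",
                    ["http://localhost:3000", "http://localhost:5000"]):
        print(repr(setting), "->", accepted(setting))
```

Under this model the wildcard also accepts the `null` origin and the look-alike host, while an explicit list accepts only exact matches.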

@alexpana
Author

That's awesome, thank you!

@EDario333

> @alexpana I actually followed your advice and expanded the cors_allowed_origins a bit. You can now set it to '*' or None (or omit it) to allow all origins. You can also set it to a string to allow a single origin, or set it to a list of strings if you have more than one allowed origin. Thanks!
>
> Commit: miguelgrinberg/python-engineio@8f3d6ec

"You can now set it to '*' or None (or omit it) to allow all origins"

Is it still working this way? I got "Not an accepted origin." for:

  1. cors_allowed_origins = None
  2. Omit cors_allowed_origins

The only one that works is when it is set to * (cors_allowed_origins = '*').

Dev env:

Python 3.9.14
Flask 2.2.2
Flask-SocketIO 5.3.2
python-engineio 4.3.4
python-socketio 5.7.2

@miguelgrinberg
Owner

@EDario333 when there is any doubt, please consult the documentation. You are reading something that is almost 5 years old. The documentation is always kept up to date.

@n1lby73

n1lby73 commented Jun 15, 2023

Please, a quick question: does the cfbm cookie have anything to do with Flask-CORS? Because I keep having this error and am unable to find a fix for it yet.

@miguelgrinberg
Owner

@n1lby73 wrong repo, this is Flask-SocketIO, not Flask-CORS.

@n1lby73

n1lby73 commented Jun 15, 2023

> @n1lby73 wrong repo, this is Flask-SocketIO, not Flask-CORS.

I'm using Socket.IO to implement CORS:

socketio = SocketIO(app, cors_allowed_origins='*')

@miguelgrinberg
Owner

@n1lby73 I don't see what the relation is between your question and Flask-SocketIO. You mentioned Flask-CORS. And I have no idea what that cookie you referenced is.
