Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to specify the list of origins?

See original GitHub issue

I need to limit access to calls coming from 2 domain names as well as localhost.

I tried following:

app = Flask(__name__)
CORS(app, resources={r"/*": {"origins": "*.domain-one.com, intranet.domain-two.com, 127.0.0.1"}})

And I tried the following:

app = Flask(__name__)
CORS(app, resources={r"/*": {"origins": ["*.domain-one.com", "intranet.domain-two.com", "127.0.0.1"]}})

Receiving exception in both cases:

[2017-11-29 17:01:54,271] ERROR in app: Exception on /myapi/ [POST]
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask/app.py", line 1615, in full_dispatch_request
    return self.finalize_request(rv)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask/app.py", line 1632, in finalize_request
    response = self.process_response(response)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask/app.py", line 1856, in process_response
    response = handler(response)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask_cors/extension.py", line 181, in cors_after_request
    set_cors_headers(resp, res_options)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask_cors/core.py", line 236, in set_cors_headers
    headers_to_set = get_cors_headers(options, request.headers, request.method)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask_cors/core.py", line 168, in get_cors_headers
    origins_to_set = get_cors_origins(options, request_headers.get('Origin'))
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask_cors/core.py", line 123, in get_cors_origins
    elif try_match_any(request_origin, origins):
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask_cors/core.py", line 263, in try_match_any
    return any(try_match(inst, pattern) for pattern in patterns)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask_cors/core.py", line 263, in <genexpr>
    return any(try_match(inst, pattern) for pattern in patterns)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/flask_cors/core.py", line 271, in try_match
    return re.match(maybe_regex, request_origin, flags=re.IGNORECASE)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/re.py", line 137, in match
    return _compile(pattern, flags).match(string)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/re.py", line 244, in _compile
    raise error, v # invalid expression
error: nothing to repeat

API works when I allow all CORS:

app = Flask(__name__)
CORS(app)

But I need to limit access to calls coming from 2 domain names as well as localhost.

Thank you for your help.

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

12reactions
tista3commented, Dec 1, 2017

You have to specify schema and port if it is not explicit port for that schema. So this do not work with CORS: "origins": ["localhost", "mywebsite.example.com"] And this do work correctly: "origins": ["http://localhost:8000", "http://mywebsite.example.com"]

2reactions
peterladacommented, Nov 29, 2018

@ghost you might want to escape the dot in example.com

Read more comments on GitHub >

github_iconTop Results From Across the Web

Origins SMP Wiki | Fandom
Below is a list of all of the origins, their features, and the description that appears on the screen from the mod. Italicized...
Read more >
Minecraft Origins mod: All you need to know - Sportskeeda
It adds nine origins for the player to choose from. Each origin is related to a mob or an item, grants players special...
Read more >
Origins Documentation
Welcome to the Origins documentation! This page will hopefully contain all the information you need to make your own data packs for the...
Read more >
Access-Control-Allow-Origin Multiple Origin Domains?
... server read the Origin header from the client, compare that to the list of ... Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is.
Read more >
2.5 Git Basics - Working with Remotes
It lists the shortnames of each remote handle you've specified. ... git remote -v origin https://github.com/schacon/ticgit (fetch) origin ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Access to XMLHttpRequest at 'http://...' from origin 'http://localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

Next page

Using flask-cors with flask-restful and @before_request decorator for jwt auth