flask-openapi3
flask-openapi3 copied to clipboard
luolingchun
CORS does not work with OpenAPI
With using flask-cors I cannot reach my endpoints via my web app. If I change to normal Flask cors settings work.
Environment:
- Python version: 3.9.1
- Operating system: Windows 10
- Flask version: 2.2.2
- flask-openapi3 version: 2.2.0
import json
from flask import request
from pymongo import MongoClient
from bson import json_util, ObjectId
from flask_openapi3 import Info, Tag
from flask_openapi3 import OpenAPI
import bcrypt
from models.user import Token, UserLogin, UserRegister, UserUpdate, UserUpdatePassword,UserCreate, User
import jwt
from flask_cors import CORS, cross_origin
info = Info(title="Users Microservice for Bank system cr23", version="1.0.0")
app = OpenAPI(__name__, info=info)
cors = CORS(app)
app.config['CORS_HEADERS'] = 'Content-Type'
client = MongoClient(host='mongodb',
port=27017,
username='dbUser',
password='dbPass',
authSource="admin")
db = client["users"]
def parse_json(data):
return json.loads(json_util.dumps(data))
login_tag = Tag(name="Login", description="Logs user into the bank system.")
@app.post('/login', responses={"200": Token} ,tags=[login_tag])
@cross_origin()
def login(body: UserLogin):
user = db.users.find_one({"email": body.email})
if user:
if bcrypt.checkpw(body.password.encode('utf-8'), user['password']):
user.pop('password')
return parse_json({"token": jwt.encode(parse_json(user), 'JWT_SECRET', algorithm='HS256')})
else:
return {"message": "Invalid password"}, 401
return {"message": "Invalid username"}, 401
Here for example I could not reach the login endpoint via my React app due to CORS. When I changed back to normal Flask, everything worked fine.
@GasperFunda I didn't repeat your bug.
server:
from flask_cors import CORS, cross_origin
from flask_openapi3 import Info, Tag
from flask_openapi3 import OpenAPI
info = Info(title="Users Microservice for Bank system cr23", version="1.0.0")
app = OpenAPI(__name__, info=info)
cors = CORS(app)
app.config['CORS_HEADERS'] = 'Content-Type'
login_tag = Tag(name="Login", description="Logs user into the bank system.")
@app.post('/login', tags=[login_tag])
@cross_origin()
def login():
return {"message": "Invalid username"}, 200
if __name__ == "__main__":
app.run("0.0.0.0", debug=True)
js in console:
var url = "http://localhost:5000/login";
var httpRequest = new XMLHttpRequest();
httpRequest.open('POST', url, true);
httpRequest.setRequestHeader("Content-type", "application/json");
var obj = {
"username": "mkii",
"password": "1234"
};
httpRequest.send(JSON.stringify(obj));
// 响应后的回调函数
httpRequest.onreadystatechange = function () {
if (httpRequest.readyState == 4 && httpRequest.status == 200) {
var json = httpRequest.responseText;
console.log(json);
}
};
output:
server without CORS:
from flask_cors import CORS, cross_origin
from flask_openapi3 import Info, Tag
from flask_openapi3 import OpenAPI
info = Info(title="Users Microservice for Bank system cr23", version="1.0.0")
app = OpenAPI(__name__, info=info)
# cors = CORS(app)
app.config['CORS_HEADERS'] = 'Content-Type'
login_tag = Tag(name="Login", description="Logs user into the bank system.")
@app.post('/login', tags=[login_tag])
# @cross_origin()
def login():
return {"message": "Invalid username"}, 200
if __name__ == "__main__":
app.run("0.0.0.0", debug=True)
output:
This issue has been automatically closed because we haven't heard back for more than 365 days, please reopen this issue if necessary.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}