Cross-Origin Resource Sharing (CORS)

class microdot.cors.CORS(app=None, allowed_origins=None, allow_credentials=False, allowed_methods=None, expose_headers=None, allowed_headers=None, max_age=None, handle_cors=True)

Add CORS headers to HTTP responses.

Parameters:

  • app – The application to add CORS headers to.

  • allowed_origins – A list of origins that are allowed to make cross-site requests. If set to ‘*’, all origins are allowed.

  • allow_credentials – If set to True, the Access-Control-Allow-Credentials header will be set to true to indicate to the browser that it can expose cookies and authentication headers.

  • allowed_methods – A list of methods that are allowed to be used when making cross-site requests. If not set, all methods are allowed.

  • expose_headers – A list of headers that the browser is allowed to expose.

  • allowed_headers – A list of headers that are allowed to be used when making cross-site requests. If not set, all headers are allowed.

  • max_age – The maximum amount of time in seconds that the browser should cache the results of a preflight request.

  • handle_cors – If set to False, CORS headers will not be added to responses. This can be useful if you want to add CORS headers manually.

initialize(app, handle_cors=True)

Initialize the CORS object for the given application.

Parameters:

  • app – The application to add CORS headers to.

  • handle_cors – If set to False, CORS headers will not be added to responses. This can be useful if you want to add CORS headers manually.

get_cors_headers(request)

Return a dictionary of CORS headers to add to a given request.

Parameters:

request – The request to add CORS headers to.