All geek questions in one place

TypeError on CORS for Flask-Rest

When I tried a new CORS function on a jar-stack, I found that a decorator can only be used if the function returns a string.

For example, by changing the Quick Launch Example :

class HelloWorld(restful.Resource): @cors.crossdomain(origin='*') def get(self): return {'hello': 'world'}

Throws:

TypeError: 'dict' object is not callable

Am I doing something wrong?

+6
source share
3 answers

I recently ran into this problem. @MartijnPieters is true, decorators cannot be called for individual presentation methods.

I created an abstract base class containing a decorator list. The class that consumes Resource (from flask-restful) also inherits the base class, which is the class that actually applies the list of decorators to the view.

  class AbstractAPI(): decorators = [cors.crossdomain(origin='*')] class HelloWorld(restful.Resource, AbstractAPI): #content

Strike>

No.

just add a list of decorators to the parameters after creating the Api instance

 api = Api(app) api.decorators=[cors.crossdomain(origin='*')]
+4
source

The return value of the wrapped function is passed (as a single argument) to flask.make_response() ; anything that can return the flask to its normal form is acceptable. The decorator is essentially the same as this flash fragment .

Since Flask-restful Resource is a subclass of flask.views.MethodView , you really shouldn't put decorators directly on methods here. As described in Finishing Views , you must specify view decorators in a special attribute of the decorators class, which is a list:

 class HelloWorld(restful.Resource): decorators = [cors.crossdomain(origin='*')] def get(self): return {'hello': 'world'}

and the flag will apply the view to the real view method returned by HelloWorld.as_view() , which actually calls Flask when sending the route to the view.

Only the server will apply them directly to the methods to confuse the restful.Resource dispatcher, since it expects the methods to return python data directories suitable for encoding in JSON, which is not what cors.crossdomain() returns anyway.

0
source

I found that you can still use a decorator if you return a string or a JSON response (which is probably good practice for the API anyway). This is important if you want to use CORS headers for specific routes using the decorator, making life a lot easier. See this combined pull req for more information: https://github.com/flask-restful/flask-restful/pull/131

Here is an example:

 from . import app from flask_restful import reqparse, abort, Api, Resource from flask.ext.cors import cross_origin from datetime import datetime from flask import jsonify api = Api(app) class DateTime(Resource): @cross_origin(origins="http://localhost:63342*") def get(self): return jsonify({'DateTime': str(datetime.today())}) api_root = '/api/v1/' api.add_resource(DateTime, api_root + 'DateTime')

If you use flash security, adding decorators to my testing was strange. Instead, I recommend assert current_user.is_authenticated . If you allow credentials, make sure CSRF is secure.

0
source

Source: https://habr.com/ru/post/958646/

More articles:


All Articles