I tried consuming json-files directly from my static-folder, but that failed due to CORS issues. Now Cross Origin requests are a complex topic, and my simple hack circumvents much of the logic behind it.
But for anyone who needs to grant the simple "grant access for anyone" permissions, this simple hack may prove useful.
Share and enjoy :)
Thanks for sharing that!
You probably already know this, but for anyone else who's planning to use it, there is one performance warning: anything you serve this way will be delivered slower than static files that you configure in the PythonAnywhere "Web" tab's static files table -- so make sure you only use it when necessary.
I've managed to get CORS running with:
jansimple
|
24
posts
|
giles
|
12640
posts
|
PythonAnywhere staff
|
from flask.ext.cors import cross_origin
@app.route("/cors/<path:file>")
@cross_origin(file)
def corsFolder(file):
return send_from_directory("/home/noiv/XYXYX", file, mimetype="application/octet-stream")
However, I don't want everyone and his cat fetch these files for free. So, how do I restrict access to certain referring domains? There are at least three including localhost:port.
Regarding static/dynamic, I have no choice as these images get rendered on a HTML5 canvas made available as blob to users and static leads to a 'tainted' canvas which doesn't allow any export at all.
BTW: the flask/cors thing adds a nice cache/max age header, which at least in my case leads to less bandwidth and even better response, because files are loaded locally the from browser's cache without any round trip
Many thanks on any input!
--noiv
Can't you use the origin option in the cors decorator to specify origins that are allowed to use the resource?
Yes, thanks. Thought origin and referer were two different things.
Now there's another issue. When I call my cors service from a http site, everything is OK. When I call from https, browser says mixed content not loaded. When I call from https to cors with https too (thanks for https, btw) urllib2.urlopen() errors while opening another http site. Its a bit confusing, maybe this table helps, there are three server involved:
browser pa extern result
http http http browser OK, urlopen OK
https http http mixed content, urlopen OK
https https http 500, URLError: <urlopen error [Errno -2] Name or service not known>
Can't a secure response make another non-secure request? Unfortunately the external server doesn't support https. It gives strange errors: OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
I'm sorry, I can't make head or tail of this. What is actually going on in that table? Surely, if the browser is using https, you can't be delivering http content to it? Where's the error coming from? I assume, since it's coming from urlopen, that it must be server-side, but I have no idea which server or what it's trying to retrieve.
