Cross Origin Resource Sharing ( CORS ) support for Flask

Overview

Flask-CORS

Build Status Latest Version Supported Python versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.

By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of CSRF protection before doing so!

Installation

Install the extension with using pip, or easy_install.

$ pip install -U flask-cors

Usage

This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation.

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def helloWorld():
  return "Hello, cross-origin-world!"

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the resources option, mapping paths to a set of options. See the full list of options in the documentation.

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users")
def list_users():
  return "user example"

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask's @app.route(..) to allow CORS on a given route. See the full list of options in the decorator documentation.

@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"

Documentation

For a full list of options, please see the full documentation

Troubleshooting

If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.

logging.getLogger('flask_cors').level = logging.DEBUG

Tests

A simple set of tests is included in test/. To run, install nose, and simply invoke nosetests or python setup.py test to exercise the tests.

Contributing

Questions, comments or improvements? Please create an issue on Github, tweet at @corydolphin or send me an email. I do my best to include every contribution proposed in any way that I can.

Credits

This Flask extension is based upon the Decorator for the HTTP Access Control written by Armin Ronacher.

Comments
  • Long time responding

    Long time responding

    On ajax cross domain request flask respond after a long time . For example 10 seconds. If I call url from browser it respond fastly, but with cors and on ajax request flask wait a long time. I'm working on localhost.

    opened by serkandaglioglu 28
  • No CORS on error pages

    No CORS on error pages

    I am using the middleware in my blueprinted flask app:

    from flask_cors import CORS
    CORS(app)
    

    The correct CORS headers are not set on the error pages, which results in a CORS error on the front-end every time the server throws an error. Am I doing something wrong?

    duplicate 
    opened by fgblomqvist 15
  • CORS Headers not added with uncaught exception

    CORS Headers not added with uncaught exception

    I was having this issue with my own simple CORS handling, and found flask-cors, only to find it has the same problem.

    The docs for after_request point out that the function may not be called if there is an unhandled exception: http://flask.pocoo.org/docs/0.10/api/#flask.Flask.after_request

    The result is that the client ends up getting a no-cors header error instead of a 500 server error

    opened by robertfw 14
  • Passing a Flask blueprint to CORS constructor fails

    Passing a Flask blueprint to CORS constructor fails

    Attempting to pass a blueprint object to the flask.ext.cors.CORS results in the following traceback

      File "/usr/lib/python3.4/site-packages/flask_cors/extension.py", line 59, in __init__
        self.init_app(app, **kwargs)
      File "/usr/lib/python3.4/site-packages/flask_cors/extension.py", line 64, in init_app
        options = get_cors_options(app, self._options, kwargs)
      File "/usr/lib/python3.4/site-packages/flask_cors/core.py", line 263, in get_cors_options
        options.update(get_app_kwarg_dict(appInstance))
      File "/usr/lib/python3.4/site-packages/flask_cors/core.py", line 278, in get_app_kwarg_dict
        for k in CONFIG_OPTIONS
      File "/usr/lib/python3.4/site-packages/flask_cors/core.py", line 279, in <genexpr>
        if app.config.get(k) is not None
    AttributeError: 'Blueprint' object has no attribute 'config'
    
    opened by Bob131 12
  • Flask-Cors not working while using url_prefix in blueprints

    Flask-Cors not working while using url_prefix in blueprints

    I was using flask-cors for my flask application which failed to enable CORS for blueprints where blueprints were registered along with url_prefix as their property. However, when I removed url_prefix and manually added prefix in blueprints, CORS seemed to be working fine.

    Example

    This code works properly

    from flask import Flask, make_response
    from flask_cors import CORS
    
    from tracer.blueprints.auth import app as auth_blueprint
    from tracer.blueprints.url import app as url_blueprint
    
    app = Flask(__name__)
    CORS(app)
    
    app.register_blueprint(auth_blueprint)
    app.register_blueprint(url_blueprint)
    
    if __name__ == '__main__':
        app.run(host='0.0.0.0')
    

    This code doesn't allow CORS

    .
    .
    app.register_blueprint(auth_blueprint, url_prefix='/auth')
    app.register_blueprint(url_blueprint, url_prefix='/url')
    .
    .
    
    opened by amandesai01 11
  • Using flask-cors with flask-restful and @before_request decorator for jwt auth

    Using flask-cors with flask-restful and @before_request decorator for jwt auth

    I'm trying to use flask-cors for the development configuration for a flask-restful api, simplified below:

    import config
    
    from flask import Flask, request
    from flask_restful import Api, Resource
    from flask_cors import CORS
    
    app = Flask(__name__)
    app.config.from_object('config.DevelopmentConfig')
    api = Api(app)
    if app.config['CORS_ENABLED'] is True:
        CORS(app, origins="http://127.0.0.1:8080", allow_headers=[
            "Content-Type", "Authorization", "Access-Control-Allow-Credentials"],
            supports_credentials=True)
    
    
    @app.before_request
    def authorize_token():
        if request.endpoint != 'token':
            try:
                authorize_jwt(request)
            except Exception as e:
                return "401 Unauthorized\n{}\n\n".format(e), 401
    
    
    class GetToken(Resource):
        def post(self):
            token = generate_jwt()
            return token       # token sent to client to return in subsequent requests in Authorization header
    
    
    # requires authentication through before_request decorator
    class Test(Resource):
        def get(self):
            return {"test": "testing"}
    
    
    api.add_resource(GetToken, '/token', endpoint='token')
    api.add_resource(Test, '/test', endpoint='test')
    
    if __name__ == '__main__':
        app.run()
    

    But whatever I try I always get the error 'Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.'

    Without the JWT auth piece, everything else works fine. (And the JWT auth works fine without flask-cors.) Seems like the hangup is something with using flask-cors with the before_request decorator (?).

    Any suggestions?

    opened by gwvt 11
  • Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'

    Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'

    Not sure why I'm getting this error when trying to allow CORS on my flask app. Here's my server:

    #library imports
    from flask import Flask
    from flask_cors import CORS, cross_origin
    
    app = Flask(__name__)
    CORS(app, resources={r"/*": {"origins": "*"}})
    app.config['CORS_HEADERS'] = 'Content-Type'
    
    @app.route('/img', methods=['POST'])
    def image_upload():
        if not request.json:
            abort(400)
        print(request.json)
        return jsonify('working')
    
    if __name__ == "__main__":
        app.run(host= "0.0.0.0", debug=True, port = 5000, threaded=True)
        print("Running dev server on port 5000")
    

    Now on my frontend, when I attempt to make a POST request to /img, I get the error in the title. The full error is:

    XMLHttpRequest cannot load http://0.0.0.0:5000/img. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:8080' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

    opened by Syntaf 10
  • Universal wheels

    Universal wheels

    Right now, there is only a py2 wheel being released. This PR will cause bdist_wheel to build a universal py2.py3 wheel instead. It also tells the Travis release task to upload the wheel to PyPI in addition to the sdist which is the only one uploaded by default

    opened by joshfriend 9
  • Issue setting CORS headers

    Issue setting CORS headers

    Hey y'all, I've setup version 2.1.2 of the Flask-Cors extension, with version 0.11.1 of Flask and version of 0.9.2 of Flask-OAuthlib, like so:

    from flask import Flask
    from flask_cors import CORS
    from flask_oauthlib.provider import OAuth2Provider
    
    app = Flask(__name__)
    
    oauth = OAuth2Provider(app)
    oauth.init_app(app)
    
    CORS(app, supports_credentials=True)
    

    And it supports pre-flight OPTIONS requests just fine, but for some reason, it is hitting some hangups when it attempts to setup CORS headers on actual requests:

    127.0.0.1 - - [16/Aug/2016 13:44:45] "OPTIONS /api/oauth/token HTTP/1.1" 200 -
    127.0.0.1 - - [16/Aug/2016 13:44:47] "POST /api/oauth/token HTTP/1.1" 500 -
    Traceback (most recent call last):
      File "/Applications/MAMP/htdocs/truesouth/lib/python3.4/site-packages/flask/app.py", line 2000, in __call__
        return self.wsgi_app(environ, start_response)
      File "/Applications/MAMP/htdocs/truesouth/lib/python3.4/site-packages/flask/app.py", line 1991, in wsgi_app
        response = self.make_response(self.handle_exception(e))
      File "/Applications/MAMP/htdocs/truesouth/lib/python3.4/site-packages/flask_cors/extension.py", line 188, in wrapped_function
        return cors_after_request(app.make_response(f(*args, **kwargs)))
      File "/Applications/MAMP/htdocs/truesouth/lib/python3.4/site-packages/flask/app.py", line 1567, in handle_exception
        reraise(exc_type, exc_value, tb)
      File "/Applications/MAMP/htdocs/truesouth/lib/python3.4/site-packages/flask/_compat.py", line 33, in reraise
        raise value
      File "/Applications/MAMP/htdocs/truesouth/lib/python3.4/site-packages/flask/app.py", line 1988, in wsgi_app
        response = self.full_dispatch_request()
      File "/Applications/MAMP/htdocs/truesouth/lib/python3.4/site-packages/flask/app.py", line 1643, in full_dispatch_request
        response = self.process_response(response)
      File "/Applications/MAMP/htdocs/truesouth/lib/python3.4/site-packages/flask/app.py", line 1862, in process_response
        response = handler(response)
      File "/Applications/MAMP/htdocs/truesouth/lib/python3.4/site-packages/flask_cors/extension.py", line 175, in cors_after_request
        set_cors_headers(resp, res_options)
      File "/Applications/MAMP/htdocs/truesouth/lib/python3.4/site-packages/flask_cors/core.py", line 217, in set_cors_headers
        resp.headers.add(k, v)
    AttributeError: 'dict' object has no attribute 'add'
    

    Here is the actual resp.headers object referenced in the last line of the stack trace:

    {'Cache-Control': 'no-store', 'Content-Type': 'application/json', 'Pragma': 'no-cache'}
    

    Any idea what could be causing this? It seems like maybe Flask-OAuthlib is using a dict for the headers object and Flask-Cors is expecting a set.

    opened by BillBrower 9
  • Access-Control-Request-Headers not Copied to Access-Control-Allow-Headers

    Access-Control-Request-Headers not Copied to Access-Control-Allow-Headers

    See how ACL_REQUEST_HEADERS is never used.

    Something like this seems missing: https://github.com/cancan101/flask-cors/commit/4f9364414772be7df1a1de5dfc12f1ae79725d76

    opened by cancan101 9
  • Using flask-cors with flask-security/flask-login

    Using flask-cors with flask-security/flask-login

    Hi,

    I'm trying to get this work so that when I login I issue an 'Access-Control-Allow-Credentials', 'true' header. So that I can have authenticated cross-domain ajax calls. I've got a simple prototype working, but now I'm trying to get this all to work in a larger flask application using the flask-security extension.

    Here's what I've tried for setting up CORS. I've also tried using @cross_origin(supports_credentials=True) on a view that also requires a login.

    cors = CORS(app, resources={r"/api/*": {"origins": "*"}, r"/login": {"supports_credentials": True}})
    

    I don't get any of the CORS headers. Here's what I see in the debug output.

    DEBUG:flask.ext.cors:Enabling <function home at 0x1039e2b70> for cross_origin using options:{'supports_credentials': True}
    DEBUG:runestone.cors:Request to '/login' matches CORS resource '/login'. Using options: {'origins': ['.*'], 'supports_credentials': True, 'methods': 'DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT', 'intercept_exceptions': True, 'automatic_options': True, 'send_wildcard': False, 'vary_header': True, 'allow_headers': ['.*'], 'resources': {'/api/*': {'origins': '*'}, '/login': {'supports_credentials': True}}}
    DEBUG:runestone.cors:'Origin' header was not set, which means CORS was not requested, skipping
    DEBUG:runestone.cors:Settings CORS headers: MultiDict([])
    INFO:werkzeug:127.0.0.1 - - [22/May/2015 14:44:59] "GET /login HTTP/1.1" 302 -
    DEBUG:runestone.cors:No CORS rule matches
    

    I don't know if it matters but I have the auth stuff in a blueprint of its own.

    Any ideas on where I might be going wrong? The debug output is confusing to me because it seems to recognize that I want CORS on the login, request, but then later says that CORS was not requested.

    Thanks,

    Brad

    opened by bnmnetp 8
  • Want to know the next version update time.

    Want to know the next version update time.

    The latest version of flask-cors is Jan 6, 2021. When will the next version be released? I've been using this version for over 2 years. So, I'd like to know when the next version is updated. Thank you.

    opened by wwwzhangshenzecn 0
  • Unknown keyword arguments silently ignored

    Unknown keyword arguments silently ignored

    When passing additional, or misspelled, keyword arguments to CORS, and probably elsewhere, they are silently ignored.

    This means that a CORS(app, rigins=["mydomain.com"], send_wildcard=True) would produce false positive * wildcards for any domain.

    Is there a design reason that leftover unknown keyword arguments can't be raised as an error?

    opened by Helveg 2
  • docs: Fix a few typos

    docs: Fix a few typos

    There are small typos in:

    • docs/configuration.rst
    • tests/decorator/test_exception_interception.py

    Fixes:

    • Should read enabled rather than enbaled.
    • Should read matching rather than maching.

    Semi-automated pull request generated by https://github.com/timgates42/meticulous/blob/master/docs/NOTE.md

    opened by timgates42 0
  • Package prints unexpected DEBUG messages when app runs

    Package prints unexpected DEBUG messages when app runs

    My web app includes flask-cors as a dependency. In the log file, there are frequent messages like:

    DEBUG .../venv/lib/python3.10/site-packages/flask_cors/core.py:247 Settings CORS headers: MultiDict([])

    The default log level in my app in logging.INFO and I do not see it overridden anywhere. How did this logger get enabled in core.py?

    opened by lsiden 1
  • Next.JS API Call to Flask API POST Endpoint - `Access-Control-Allow-Credentials` is not set properly

    Next.JS API Call to Flask API POST Endpoint - `Access-Control-Allow-Credentials` is not set properly

    I'm trying to pass in a cookie to a Flask API POST Endpoint

    export async function login(username, password, csrfToken, sessionCookie) {
      console.log(sessionCookie);
      const res = await fetch(buildLink("api/login/"), {
        method: "POST",
        credentials: "include",
        headers: {
          "Content-Type": "application/json",
          "X-CSRFToken": csrfToken,
        },
        body: {
          username: username,
          password: password,
          cookie: sessionCookie,
        },
      });
      const user = await res.json();
      console.log(user);
      return user;
    }
    

    However, the error I get when making this request in the browser is

    Access to fetch at 'http://127.0.0.1:2476/api/login/' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.
    

    My set-up using flask-cors is

    login_manager = LoginManager()
    login_manager.init_app(app)
    login_manager.session_protection = "strong"
    csrf = CSRFProtect(app)
    cors = CORS(
        app,
        resources={
            r"*": {
                "origins": [
                    "http://localhost:8080",
                    "http://localhost:3000",
                    "http://127.0.0.1:3000",
                    "http://127.0.0.1:8080",
                ]
            }
        },
        expose_headers=["Content-Type", "X-CSRFToken"],
        supports_credentials=True,
    )
    
    opened by mtdutaro 0
  • enforcing same origin policy with flask-cors

    enforcing same origin policy with flask-cors

    While this library is used to enable cors, is there an option to disable the default wildcard value in CORS_ORIGIN without explictly defining trusted domains in a string/list so it defaults back to same origin policy?

    opened by Tingweiftw 7
Releases(3.0.10)
  • 3.0.10(Jan 5, 2021)

    • Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370
    • Fixes warnings for invalid escape sequences Thanks @tirkarthi
    Source code(tar.gz)
    Source code(zip)
  • 3.0.9(Aug 30, 2020)

    Security

    • Escape path before evaluating resource rules (thanks @praetorian-colby-morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for "/api/*" whereas the path actually expands simply to "/foo.txt"
    Source code(tar.gz)
    Source code(zip)
  • 3.0.8(Jun 8, 2019)

    Fixes DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working

    Thank you @juanmaneo and @jdevera!

    Source code(tar.gz)
    Source code(zip)
  • 3.0.7(Nov 9, 2018)

  • 3.0.6(Jun 12, 2018)

  • 3.0.5(May 22, 2018)

    Fixes incorrect handling of regexes containg '[', and a few other special characters. https://github.com/corydolphin/flask-cors/issues/212

    Source code(tar.gz)
    Source code(zip)
  • 3.0.4(Apr 26, 2018)

  • 3.0.3(Jun 28, 2017)

    Ensure that an Origin of '*' is never sent if supports_credentials is True (fixes Issue #202)

    • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.
    Source code(tar.gz)
    Source code(zip)
  • 3.0.2(Sep 8, 2016)

    Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

    Source code(tar.gz)
    Source code(zip)
  • 3.0.1(Aug 31, 2016)

  • 3.0.0(Aug 20, 2016)

    This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

    Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an 'Origin' header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I'll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3

    Other improvements:

    • Adds building of universal wheels (#175) 4674c3d54260f8897bd18e5502509363dcd0d0da
    • Makes Flask-CORS compatible with OAuthLib's custom header class ... (#172) aaaf904845997a3b684bc6677bdfc91656a85a04
    • Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f295bd6b0ba87cc5f2afaca01b91ff43e72c
    • Fixes logging when unknown options are supplied (#152) bddb13ca6636c5d559ec67a95309c9607a3fcaba
    Source code(tar.gz)
    Source code(zip)
  • 2.1.3(Apr 18, 2016)

  • 2.1.2(Nov 8, 2015)

  • 2.1.1(Nov 8, 2015)

  • 2.1.0(Aug 5, 2015)

    Adds support for Flask Blueprints.

    You may now pass a Flask Blueprint to the CORS extension, and it will work as expected.

    Thanks @Bob131for the feature request! https://github.com/corydolphin/flask-cors/issues/128

    Source code(tar.gz)
    Source code(zip)
  • 2.0.1(May 8, 2015)

  • 2.0.0(Mar 24, 2015)

    BREAKING CHANGES

    1. New defaults allow all origins, all headers.
    2. Removed always_send option.
    3. Removed 'headers' option as a backwards-compatible alias for 'allowed_headers' to reduce confusion.
    Source code(tar.gz)
    Source code(zip)
  • 2.0.0rc1(Mar 15, 2015)

    Would love to get some feedback to make sure there are no unexpected regressions. This should be backwards compatible for most people.

    Update default options and parameters in a backwards incompatible way.

    By default, all headers are now allowed, and only requests with an Origin header have CORS headers returned. If an Origin header is not present, no CORS headers are returned.

    Removed the following options: always_send, headers.

    Extension and decorator are now in separate modules sharing a core module. Test have been moved into the respective tests.extension and tests.decorator modules. More work to decompose these tests is needed.

    Source code(tar.gz)
    Source code(zip)
  • 1.10.3(Feb 13, 2015)

    Release Version 1.10.3

    • Adds logging to Flask-Cors so it is easy to see what is going on and why
    • Adds support for compiled regexes as origins

    Big thanks to @michalbachowski and @digitizdat!

    Source code(tar.gz)
    Source code(zip)
  • 1.10.2(Dec 18, 2014)

    This release fixes the behavior of Access-Control-Allow-Headers and Access-Control-Expose-Headers, which was previously swapped since 1.9.0.

    To further fix the confusion, the headers parameter was renamed to more explicitly be allow_headers.

    Thanks @maximium for the bug report and implementation!

    Source code(tar.gz)
    Source code(zip)
  • 1.10.1(Dec 13, 2014)

    This is a bug fix release, fixing: Incorrect handling of resources and intercept_exceptions App Config options https://github.com/wcdolphin/flask-cors/issues/84 Issue with functools.partial in 1.10.0 using Python 2.7.9 https://github.com/wcdolphin/flask-cors/issues/83

    Shoutout to @diiq and @joonathan for reporting these issues!

    Source code(tar.gz)
    Source code(zip)
  • 1.10.0(Dec 11, 2014)

    • Adds support for returning CORS headers with uncaught exceptions in production so 500s will have expected CORS headers set. This will allow clients to better surface the errors, rather than failing due to security. Reported and tested by @robertfw -- thanks!
    • Improved conformance of preflight request handling to W3C spec.
    • Code simplification and 100% test coverage :sunglasses:
    Source code(tar.gz)
    Source code(zip)
  • 1.9.0(Sep 20, 2014)

    • Improves API consistency, allowing a CORS resource of '*'
    • Improves documentation of the CORS app extension
    • Fixes test import errors on Python 3.4.1 (Thanks @wking )
    Source code(tar.gz)
    Source code(zip)
  • 1.8.1(Sep 18, 2014)

  • v1.8.0(Aug 22, 2014)

    Adds support for regular expressions in the list of origins.

    This allows subdomain wildcarding and should be fully backwards compatible.

    Credit to @marcoqu for opening https://github.com/wcdolphin/flask-cors/issues/54 which inspired this work

    Source code(tar.gz)
    Source code(zip)
flask-apispec MIT flask-apispec (🥉24 · ⭐ 520) - Build and document REST APIs with Flask and apispec. MIT

flask-apispec flask-apispec is a lightweight tool for building REST APIs in Flask. flask-apispec uses webargs for request parsing, marshmallow for res

Joshua Carp 617 Dec 30, 2022
Adds SQLAlchemy support to Flask

Flask-SQLAlchemy Flask-SQLAlchemy is an extension for Flask that adds support for SQLAlchemy to your application. It aims to simplify using SQLAlchemy

The Pallets Projects 3.9k Dec 29, 2022
MongoEngine flask extension with WTF model forms support

Flask-MongoEngine Info: MongoEngine for Flask web applications. Repository: https://github.com/MongoEngine/flask-mongoengine About Flask-MongoEngine i

MongoEngine 815 Jan 3, 2023
i18n and l10n support for Flask based on Babel and pytz

Flask Babel Implements i18n and l10n support for Flask. This is based on the Python babel module as well as pytz both of which are installed automatic

null 397 Dec 15, 2022
Pagination support for flask

flask-paginate Pagination support for flask framework (study from will_paginate). It supports several css frameworks. It requires Python2.6+ as string

Lix Xu 264 Nov 7, 2022
Adds Injector support to Flask.

Flask-Injector Adds Injector support to Flask, this way there's no need to use global Flask objects, which makes testing simpler. Injector is a depend

Alec Thomas 246 Dec 28, 2022
Adds GraphQL support to your Flask application.

Flask-GraphQL Adds GraphQL support to your Flask application. Usage Just use the GraphQLView view from flask_graphql from flask import Flask from flas

GraphQL Python 1.3k Jan 3, 2023
Pagination support for flask

flask-paginate Pagination support for flask framework (study from will_paginate). It supports several css frameworks. It requires Python2.6+ as string

Lix Xu 223 Feb 17, 2021
Adds GraphQL support to your Flask application.

Flask-GraphQL Adds GraphQL support to your Flask application. Usage Just use the GraphQLView view from flask_graphql from flask import Flask from flas

GraphQL Python 1.2k Feb 17, 2021
WebSocket support for Flask

flask-sock WebSocket support for Flask Installation pip install flask-sock Example from flask import Flask, render_template from flask_sock import Soc

Miguel Grinberg 165 Dec 27, 2022
An extension to add support of Plugin in Flask.

An extension to add support of Plugin in Flask.

Doge Gui 31 May 19, 2022
SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

Flask-SeaSurf SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF). CSRF vulnerabilities have been found in large and popular

Max Countryman 183 Dec 28, 2022
Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application.

Flask-Bcrypt Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application. Due to the recent increased prevelance of

Max Countryman 310 Dec 14, 2022
Flask-Rebar combines flask, marshmallow, and swagger for robust REST services.

Flask-Rebar Flask-Rebar combines flask, marshmallow, and swagger for robust REST services. Features Request and Response Validation - Flask-Rebar reli

PlanGrid 223 Dec 19, 2022
Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application.

Flask-Bcrypt Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application. Due to the recent increased prevelance of

Max Countryman 282 Feb 11, 2021
Flask-Starter is a boilerplate starter template designed to help you quickstart your Flask web application development.

Flask-Starter Flask-Starter is a boilerplate starter template designed to help you quickstart your Flask web application development. It has all the r

Kundan Singh 259 Dec 26, 2022
Brandnew-flask is a CLI tool used to generate a powerful and mordern flask-app that supports the production environment.

Brandnew-flask is still in the initial stage and needs to be updated and improved continuously. Everyone is welcome to maintain and improve this CLI.

brandonye 4 Jul 17, 2022
Flask Project Template A full feature Flask project template.

Flask Project Template A full feature Flask project template. See also Python-Project-Template for a lean, low dependency Python app. HOW TO USE THIS

Bruno Rocha 96 Dec 23, 2022
Flask-app scaffold, generate flask restful backend

Flask-app scaffold, generate flask restful backend

jacksmile 1 Nov 24, 2021