We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hi, I am seeing a regression in 3.0.0 that I don't see mentioned in the changelog or documentation.
3.0.0
Using the following test:
from flask import Flask from flask_cors import CORS import pytest app = Flask(__name__) @app.route('/') def index(): return 'Success' CORS(app, origins=[r"https?://example.com"]) @pytest.mark.parametrize('origin, expected', [ ('http://example.com', True), ('https://example.com', True), ('http://failure.com', False), ]) def test_regex_origin(origin, expected): with app.test_client() as client: response = client.get('/', headers={'origin': origin}) assert ('Access-Control-Allow-Origin' in response.headers) == expected
Using 2.1.2:
2.1.2
$ pip freeze click==6.6 Flask==0.11.1 Flask-Cors==2.1.2 itsdangerous==0.24 Jinja2==2.8 MarkupSafe==0.23 py==1.4.31 pytest==3.0.1 six==1.10.0 Werkzeug==0.11.11 $ py.test test.py ============================= test session starts ============================== platform darwin -- Python 2.7.12, pytest-3.0.1, py-1.4.31, pluggy-0.3.1 rootdir: /private/tmp, inifile: collected 3 items test.py ... =========================== 3 passed in 0.10 seconds ===========================
Upgrading to 3.0.0:
$ pip install flask-cors==3.0.0 Collecting flask-cors==3.0.0 Using cached Flask_Cors-3.0.0-py2.py3-none-any.whl Requirement already satisfied (use --upgrade to upgrade): Six in ./env-old/lib/python2.7/site-packages (from flask-cors==3.0.0) Requirement already satisfied (use --upgrade to upgrade): Flask>=0.9 in ./env-old/lib/python2.7/site-packages (from flask-cors==3.0.0) Requirement already satisfied (use --upgrade to upgrade): click>=2.0 in ./env-old/lib/python2.7/site-packages (from Flask>=0.9->flask-cors==3.0.0) Requirement already satisfied (use --upgrade to upgrade): Jinja2>=2.4 in ./env-old/lib/python2.7/site-packages (from Flask>=0.9->flask-cors==3.0.0) Requirement already satisfied (use --upgrade to upgrade): Werkzeug>=0.7 in ./env-old/lib/python2.7/site-packages (from Flask>=0.9->flask-cors==3.0.0) Requirement already satisfied (use --upgrade to upgrade): itsdangerous>=0.21 in ./env-old/lib/python2.7/site-packages (from Flask>=0.9->flask-cors==3.0.0) Requirement already satisfied (use --upgrade to upgrade): MarkupSafe in ./env-old/lib/python2.7/site-packages (from Jinja2>=2.4->Flask>=0.9->flask-cors==3.0.0) Installing collected packages: flask-cors Found existing installation: Flask-Cors 2.1.2 Uninstalling Flask-Cors-2.1.2: Successfully uninstalled Flask-Cors-2.1.2 Successfully installed flask-cors-3.0.0 $ pip freeze click==6.6 Flask==0.11.1 Flask-Cors==3.0.0 itsdangerous==0.24 Jinja2==2.8 MarkupSafe==0.23 py==1.4.31 pytest==3.0.1 six==1.10.0 Werkzeug==0.11.11 $ py.test test.py ============================= test session starts ============================== platform darwin -- Python 2.7.12, pytest-3.0.1, py-1.4.31, pluggy-0.3.1 rootdir: /private/tmp, inifile: collected 3 items test.py FF. =================================== FAILURES =================================== __________________ test_regex_origin[http://example.com-True] __________________ origin = 'http://example.com', expected = True @pytest.mark.parametrize('origin, expected', [ ('http://example.com', True), ('https://example.com', True), ('http://failure.com', False), ]) def test_regex_origin(origin, expected): with app.test_client() as client: response = client.get('/', headers={'origin': origin}) > assert ('Access-Control-Allow-Origin' in response.headers) == expected E assert ('Access-Control-Allow-Origin' in Headers([('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', '7')])) == True E + where Headers([('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', '7')]) = <Response streamed [200 OK]>.headers test.py:23: AssertionError _________________ test_regex_origin[https://example.com-True] __________________ origin = 'https://example.com', expected = True @pytest.mark.parametrize('origin, expected', [ ('http://example.com', True), ('https://example.com', True), ('http://failure.com', False), ]) def test_regex_origin(origin, expected): with app.test_client() as client: response = client.get('/', headers={'origin': origin}) > assert ('Access-Control-Allow-Origin' in response.headers) == expected E assert ('Access-Control-Allow-Origin' in Headers([('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', '7')])) == True E + where Headers([('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', '7')]) = <Response streamed [200 OK]>.headers test.py:23: AssertionError ====================== 2 failed, 1 passed in 0.14 seconds ======================
However, if I change the origins parameter to include both HTTP and HTTPS origins as regular strings:
origins
11c11 < CORS(app, origins=[r"https?://example.com"]) --- > CORS(app, origins=["http://example.com", "https://example.com"])
The tests pass:
$ py.test test.py ============================= test session starts ============================== platform darwin -- Python 2.7.12, pytest-3.0.1, py-1.4.31, pluggy-0.3.1 rootdir: /private/tmp, inifile: collected 3 items test.py ... =========================== 3 passed in 0.10 seconds ===========================
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hi, I am seeing a regression in
3.0.0that I don't see mentioned in the changelog or documentation.Using the following test:
Using
2.1.2:Upgrading to
3.0.0:However, if I change the
originsparameter to include both HTTP and HTTPS origins as regular strings:The tests pass:
The text was updated successfully, but these errors were encountered: