Forums

Set access control header for static content?

I would like to set the following header to allow external access to some static content (xml files on my web): Access-Control-Allow-Origin: *

I'm generating some static content I am trying to load in on another domain and getting XMLHTTPRequest errors: XMLHttpRequest cannot load https://mysite.com/myfile.xml. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://othersite.com/script.js' is therefore not allowed access.

There's no way to add headers to the static files served at the moment, but that's a great idea for a feature and I have raised a ticket for it.

In the meantime, you can make a small Flask web app that uses send_from_directory and this decorator to serve the file for you.

@glenn was this ever done? I'd like it too.

No it's not possible to set headers for static contents yet. (but glenn's solution above works to add the header)

Thanks, Conrad, I've tried from flask.ext.cors import cross_origin and from flask_cors import cross_origin and apparently those don't work?

I don't know the package, but you probably need to do more than just import it.

No problem, I created and set the source of a blank img element with parameters at the end of the URL which gave me the same upload of the data I need without CORS nonsense.