Block requests to a Blueprint using CORS

[ghost]

Using

app = Flask(__name__)

CORS(
    oauth, resources={r'http://localhost:5000/api/*': {'origins': 'http://localhost:5000/'}}
)

I blocked the external requests to /api/* routes. Use CORS to this purpose is adequate or I need to find another solution to block external requests in some routes ?

[corydolphin]

Hey Luis,

CORS is only useful from a security perspective when the client is a web browser. Flask-CORS doesn’t itself block requests, but informs browsers of how a resource may be used.

If “external” means “from another domain” then CORS is right for you.

On Sun, Aug 5, 2018 at 2:06 PM luizsouzax notifications@github.com wrote:

Using

app = Flask(name)

CORS( oauth, resources={r'http://localhost:5000/api/*': {'origins': 'http://localhost:5000/'}} )

I blocked the external requests to Api Blueprint routes ? Using CORS to this purpose is adequate or I need to find another solution ?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/corydolphin/flask-cors/issues/230, or mute the thread https://github.com/notifications/unsubscribe-auth/AAbRqVRFFksYpbiIGXS97wGAFXFNfX0cks5uN15kgaJpZM4VviR5 .