I am having some trouble getting Flask CORS to whitelist certain domains from being able to do a POST request. I am making a curl request from www.google.com but making the domain googl.com to confirm the post.
Currently every single post is allowed in as my curl is "Access-Control-Allow-Origin: *"
I just want to be able to make sure only a set domain can make the POST request
@app.route('/api/userreset', methods=['POST'])
@cross_origin(origin='http://www.googl.com')
def resetFunction():
curl --header "Content-Type: application/json" --request POST "Origin: http://www.google.com" --verbose --data '{"email":"test@example.com"}' http://0.0.0.0:8080/api/userreset
I also tried the below which did nothing:
cors = CORS(app, resources={r"/api/*": {"origins": "http://www.googl.com"}})
The reply from the POST is as follows:
* Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 8080 (#0)
> POST /api/userreset HTTP/1.1
> Host: 0.0.0.0:8080
> User-Agent: curl/7.64.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 219
>
* upload completely sent off: 219 out of 219 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Content-Type: text/html; charset=utf-8
< Content-Length: 55
< Access-Control-Allow-Origin: *
< Server: Werkzeug/0.16.0 Python/3.8.0
< Date: Mon, 16 Dec 2019 02:21:49 GMT