I'm configuring my flask app to run under iis with a reverse proxy. Basically my setup is like this:
external.domain.com:8000 ->
Reverse Proxy IIS ->
interal.network.net ->
iis (wfastcgi/flask)
The app's urls and content is loading correctly, but anything that deals with a session is not working:
Message flashing - no messages are flashed
Login cookies - not able to login at all
I've configured the flask app with these relevent config variables:
SERVER_NAME = 'internal.network.net'
SESSION_COOKIE_DOMAIN = 'external.domain.com'
I have an IIS rewrite rule set up on the external server:
Pattern: (.*)
Rewrite URL: http://internal.network.net/{R:1}
Is there anything else I need to configure to get sessions working correctly?
Not sure if this is the correct way of doing things but apparently excluding the properties SERVER_NAME and SESSION_COOKIE_DOMAIN actually fixes the issue.
Hope this helps someone.
Related
I have a public cloud VM which has public IP say 160.159.158.157 (this has a domain registered against it).
I have a Django application (backend) which is CORS-enabled and serves data through port 8080.
I have a React app running on the same VIM on a different port (3000), which is accessing the Django app and is supposed to produce a report.
The problem is that, when I use http://<domain-name>:8080/api/ or http://<public-ip>:8080/api/, my application is working fine,
but when I try to fetch data from localhost like http://localhost:8080/api/ or http://127.0.0.1:8080/api/, the React app fails to fetch data with the following error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:8080/api/. (Reason: CORS request did not succeed). Status code: (null).
Here's what I've tried:
axios.get(baseURL, { headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods':'GET,PUT,POST,DELETE,PATCH,OPTIONS',
}
but it didn't work. What should I do?
Looks like you've gotten confused where those headers need to be. You're setting them on the request to the backend, but they need to be set on the response from the backend. After all, it wouldn't be very good security if someone making a request could simply say "yeah, I'm ok, you should trust me".
The problem is going to be somewhere in your backend Django app, so double check the CORS config over there.
I have an app, built with Flask-User and Flask-Login. This app is working.
I launch my app like :
app.run('0.0.0.0', 5000)
This app is running into a container, which is linking ports like XXXX:5000
My problem is that : On my server, I'm running my container. On this server, I also use nginx where I set a special url for this porject. The special url is : '/my_special_url'
The problem is that I can't redirect my app endpoints (like '/sign_up' or '/register') to the right urls defined by nginx (it must be '/my_special_url/sign_up' or '/my_special_url/register').
I tried to use url_prefix into the flask app, but it doesn't work.
I can get my signalr code to connect + work no problem in my local environment by setting host with web url
"Host": {
"LocalHttpPort": 7070,
"CORS": "http://localhost:4200",
"CORSCredentials": true
}
Then I deploy it to the portal and go to CORS and add the web url that my storage blob static website is hosted on inside CORS for the signalr function app. When I login to my app with the web url matching cors value I get this for some reason
Also according to the docs (bottom part of page) I have to enable Access-Control-Allow-Crendentials
but it seems that a function app running on python doesn't have that option
How can I enable Access-Control-Allow-Crendentials in a python function app?
Yes, there is no way to set it on azure portal. Not only 'Access-Control-Allow-Crendentials', but also many other config settings cannot set by using azure portal when you are based on linux web app.
To achieve that you want, you can use below cmd in powershell:(It works when you are based on azure web app. azure function is based on web app sandbox, so below cmd also works on function.)
az resource update --name web --resource-group yourresoursegroupname --namespace Microsoft.Web --resource-type config --parent sites/yourfunctionname --set properties.cors.supportCredentials=true
This is the offcial doc:
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-rest-api#enable-cors
If your app requires credentials such as cookies or authentication
tokens to be sent, the browser may require the
ACCESS-CONTROL-ALLOW-CREDENTIALS header on the response. To enable
this in App Service, set properties.cors.supportCredentials to true in
your CORS config. This cannot be enabled when allowedOrigins includes
'*'.
On my side, I can change the config setting. Let me know whether you can change the config.:)
I'm trying to set up Google sign-in using Flask dance for a flask based website:
from flask_dance.contrib.google import make_google_blueprint, google
blueprint = make_google_blueprint(
client_id= "CLIENT_ID",
client_secret="CLIENT_SECRET",
scope=[
"https://www.googleapis.com/auth/plus.me",
"https://www.googleapis.com/auth/userinfo.email",
]
)
app.register_blueprint(blueprint, url_prefix="/google_login")
And as the documentation suggests, I have the view set up like this:
#app.route('/google_login')
def google_login():
if not google.authorized:
return redirect(url_for("google.login"))
resp = google.get("/oauth2/v2/userinfo")
assert resp.ok, resp.text
return "You are {email} on Google".format(email=resp.json()["email"])
When I was testing I set the environment variable, OAUTHLIB_INSECURE_TRANSPORT to 1 by using
export OAUTHLIB_INSECURE_TRANSPORT=1
And now even after I've removed the environment variable, for some reason the Flaskdance seems to always resolve the URI to a http instead of HTTPS.
This is evident from the redirect uri mismatch error I'm getting (here website refers to the domain name):
The redirect URI in the request,
http://"website"/google_login/google/authorized, does not match
the ones authorized for the OAuth client.
And here are the authorized redirect URIs I've set up in my Google cloud console:
https://"website"/google_login/google/authorized
https://www."website"/google_login/google/authorized
I tried unsetting the environment variable using this command:
unset OAUTHLIB_INSECURE_TRANSPORT
What am I missing here? Any help would be appreciated.
If Flask-Dance is generating http URLs instead of https, that indicates that Flask (not Flask-Dance, but Flask itself) is confused about whether the incoming request is an https request or not. Flask-Dance has some documentation about how to resolve this problem, and the most likely cause is a proxy server that handles the HTTPS separately from your application server.
The fix is to use a middleware like werkzeug's ProxyFix to teach Flask that it's behind a proxy server. Here's how you can use it:
from werkzeug.middleware.proxy_fix import ProxyFix
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1)
I had the same problem and in my case adding this to my Apache VirtualHost config solved it:
RequestHeader set X-Forwarded-Proto "https"
My Flask is running behind an Apache proxy but Nginx would also have similar issues, potentially.
How do I get App Engine to generate the URL of the server it is currently running on?
If the application is running on development server it should return
http://localhost:8080/
and if the application is running on Google's servers it should return
http://application-name.appspot.com
You can get the URL that was used to make the current request from within your webapp handler via self.request.url or you could piece it together using the self.request.environ dict (which you can read about on the WebOb docs - request inherits from webob)
You can't "get the url for the server" itself, as many urls could be used to point to the same instance.
If your aim is really to just discover wether you are in development or production then use:
'Development' in os.environ['SERVER_SOFTWARE']
Here is an alternative answer.
from google.appengine.api import app_identity
server_url = app_identity.get_default_version_hostname()
On the dev appserver this would show:
localhost:8080
and on appengine
your_app_id.appspot.com
If you're using webapp2 as framework chances are that you already using URI routing in you web application.
http://webapp2.readthedocs.io/en/latest/guide/routing.html
app = webapp2.WSGIApplication([
webapp2.Route('/', handler=HomeHandler, name='home'),
])
When building URIs with webapp2.uri_for() just pass _full=True attribute to generate absolute URI including current domain, port and protocol according to current runtime environment.
uri = uri_for('home')
# /
uri = uri_for('home', _full=True)
# http://localhost:8080/
# http://application-name.appspot.com/
# https://application-name.appspot.com/
# http://your-custom-domain.com/
This function can be used in your Python code or directly from templating engine (if you register it) - very handy.
Check webapp2.Router.build() in the API reference for a complete explanation of the parameters used to build URIs.