Python,Flask:如何为所有响应设置响应头
我想将所有http头响应设置为以下内容:Python,Flask:如何为所有响应设置响应头,python,flask,http-headers,Python,Flask,Http Headers,我想将所有http头响应设置为以下内容: response.headers["X-Frame-Options"] = "SAMEORIGIN" 我检查了,但它只更改一个特定控制器的标题。我想在“before_request”函数中更改所有标题,类似于以下逻辑。我该怎么做 @app.before_request def before_request(): # response.headers["X-Frame-Options"] = "SAMEORIGIN" 在中设置标题,此时您有一个
response.headers["X-Frame-Options"] = "SAMEORIGIN"
@app.before_request
def before_request():
# response.headers["X-Frame-Options"] = "SAMEORIGIN"
@app.after_request
def apply_caching(response):
response.headers["X-Frame-Options"] = "SAMEORIGIN"
return response
当这个钩子运行时,仍然可用,因此您此时仍然可以根据请求更改响应。应用程序的
@app.after\u request()钩子#Helper函数返回带有状态代码和CORS头的响应
def准备_响应(res_对象、状态_代码):
response=flask.jsonify(res\u对象)
response.headers.set('Access-Control-Allow-Origin','*'))
response.headers.set('Access-Control-Allow-Methods','GET,POST')
返回响应,状态代码
因此,当我想要返回一个响应(总是带有CORS头)时,我现在可以调用这个函数,并且我不会复制启用CORS所需的response.headers设置。我们可以使用WSGI中间件为Python Flask应用程序中的所有响应优雅地设置响应头 使用中间件在Flask应用程序上下文中设置响应头的这种方法是线程安全的,可用于设置自定义和动态属性,读取请求头如果我们从任何帮助器类设置自定义/动态响应头,这将特别有用 文件:
middleware.pyimport flask
from flask import request, g
class SimpleMiddleWare(object):
"""
Simple WSGI middleware
"""
def __init__(self, app):
self.app = app
self._header_name = "any_request_header"
def __call__(self, environ, start_response):
"""
middleware to capture request header from incoming http request
"""
request_id_header = environ.get(self._header_name) # reading all request headers
environ[self._header_name] = request_id_header
def new_start_response(status, response_headers, exc_info=None):
"""
set custom response headers
"""
# set the above captured request header as response header
response_headers.append((self._header_name, request_id_header))
# example to access flask.g values set in any class thats part of the Flask app & then set that as response header
values = g.get(my_response_header, {})
if values.get('x-custom-header'):
response_headers.append(('x-custom-header', values.get('x-custom-header')))
return start_response(status, response_headers, exc_info)
return self.app(environ, new_start_response)
from flask import Flask
import asyncio
from gevent.pywsgi import WSGIServer
from middleware import SimpleMiddleWare
app = Flask(__name__)
app.wsgi_app = SimpleMiddleWare(app.wsgi_app)
main.pyimport flask
from flask import request, g
class SimpleMiddleWare(object):
"""
Simple WSGI middleware
"""
def __init__(self, app):
self.app = app
self._header_name = "any_request_header"
def __call__(self, environ, start_response):
"""
middleware to capture request header from incoming http request
"""
request_id_header = environ.get(self._header_name) # reading all request headers
environ[self._header_name] = request_id_header
def new_start_response(status, response_headers, exc_info=None):
"""
set custom response headers
"""
# set the above captured request header as response header
response_headers.append((self._header_name, request_id_header))
# example to access flask.g values set in any class thats part of the Flask app & then set that as response header
values = g.get(my_response_header, {})
if values.get('x-custom-header'):
response_headers.append(('x-custom-header', values.get('x-custom-header')))
return start_response(status, response_headers, exc_info)
return self.app(environ, new_start_response)
from flask import Flask
import asyncio
from gevent.pywsgi import WSGIServer
from middleware import SimpleMiddleWare
app = Flask(__name__)
app.wsgi_app = SimpleMiddleWare(app.wsgi_app)
再加一句。您应该使用
@app.before_request映射进行黑客攻击是一个更高级的主题,可能应该是一个单独的问答对的主题。请注意,X-Frame-Options
已被Frame-conventors
指令淘汰。有关框架祖先和imlpement Flask CSP的开源库的更多信息: