python


Flask CORS - no Access-control-allow-origin header present on a redirect()


I am implementing OAuth Twitter User-sign in (Flask API and Angular)
I keep getting the following error when I click the sign in with twitter button and a pop up window opens:
XMLHttpRequest cannot load https://api.twitter.com/oauth/authenticate?oauth_token=r-euFwAAAAAAgJsmAAABTp8VCiE. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
I am using the python-Cors packages to handle CORS, and I already have instagram sign in working correctly.
I believe it has something to do with the response being a redirect but have not been able to correct the problem.
My flask code looks like this:
app = Flask(__name__, static_url_path='', static_folder=client_path)
cors = CORS(app, allow_headers='Content-Type', CORS_SEND_WILDCARD=True)
app.config.from_object('config')
#app.route('/auth/twitter', methods=['POST','OPTIONS'])
#cross_origin(origins='*', send_wildcard=True)
##crossdomain(origin='')
def twitter():
request_token_url = 'https://api.twitter.com/oauth/request_token'
access_token_url = 'https://api.twitter.com/oauth/access_token'
authenticate_url = 'https://api.twitter.com/oauth/authenticate'
# print request.headers
if request.args.get('oauth_token') and request.args.get('oauth_verifier'):
-- omitted for brevity --
else:
oauth = OAuth1(app.config['TWITTER_CONSUMER_KEY'],
client_secret=app.config['TWITTER_CONSUMER_SECRET'],
callback_uri=app.config['TWITTER_CALLBACK_URL'])
r = requests.post(request_token_url, auth=oauth)
oauth_token = dict(parse_qsl(r.text))
qs = urlencode(dict(oauth_token=oauth_token['oauth_token']))
return redirect(authenticate_url + '?' + qs)
The problem is not yours. Your client-side application is sending requests to Twitter, so it isn't you that need to support CORS, it is Twitter. But the Twitter API does not currently support CORS, which effectively means that you cannot talk to it directly from the browser.
A common practice to avoid this problem is to have your client-side app send the authentication requests to a server of your own (such as this same Flask application that you have), and in turn the server connects to the Twitter API. Since the server side isn't bound to the CORS requirements there is no problem.
In case you want some ideas, I have written a blog article on doing this type of authentication flow for Facebook and Twitter: http://blog.miguelgrinberg.com/post/oauth-authentication-with-flask

Related Links

How to selectively iterate over files with Python
I'm having trouble using docker-py in a development environment on OSX
How to query AWS to get ELB names and attached instances to that using python boto modules?
Pi Wireless AP is dropping shortly after boot
How to redirect python logging output to file instead of stdout?
Matplotlib- Any way to use integers AND decimals in colorbar ticks?
ImportError: No module named setuptools.command on Mac OS X within virtualenv
Numpy Minimize COBYLA Constraints
Pyside Installation “Failed to find the MSVC compiler version 10.0 on your system”
How to do a group by operation on a list of json objects in python?
How to pass enum as argument in ctypes python?
Pandas value_counts Into New Columns
How to initialize and train an SVM with rootSIFT features in python
Python requests to catch post response
Regex to Match Domain Name
how to continue a while loop with an open file using os in python3 [duplicate]

Categories

HOME
json
sas
dynamics-crm
windows-7
puppet
transparent
codeeffects
apollo
is-empty
checksum
google-shopping
game-maker-studio-1.4
spinnaker
aspell
atlassian-plugin-sdk
vs2017
plupload
raphael
embedly
google-maps-android-api-2
remove-method
metadata-extractor
aurelia-binding
vertex-buffer
roundcube
getjson
spring-insight
division
body-parser
viewstate
jboss-esb
issue-tracking
dart-pub
bayesian-networks
amd
openweathermap
lirc
range-v3
chown
chrome-remote-desktop
text-classification
info
hpcc
infinite-scroll
search-box
visual-studio-templates
settimeout
sql-import-wizard
pdflib
gradle-script-kotlin
push-diffusion
easing
metalsmith
freefem++
financial
inet
mogrify
twython
leadtools-sdk
ibm-data-studio
robocode
android-search
viewflipper
power-law
valence
edit-in-place
visual-studio-addins
arangodb-php
wic
convex-polygon
localtime
soa-suite
process-monitor
git-filter-branch
linkedhashset
caliper
parameterization
surf
paintcomponent
rubycas
pivotal-crm
carbide
scala-2.8
pci-bus
callgrind
odbc-sql-server-driver
visual-studio-dbpro

Resources

Mobile Apps Dev
Database Users
javascript
java
csharp
php
android
MS Developer
developer works
python
ios
c
html
jquery
RDBMS discuss
Cloud Virtualization
Database Dev&Adm
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App