Trivial CORS example

hello.py

from flask import Flask
from flask.ext import restful
from flask.ext.restful.utils import cors

app = Flask(__name__)
api = restful.Api(app)
api.decorators = [cors.crossdomain(
    origin="*", headers=['accept', 'Content-Type'],
    methods=['HEAD', 'OPTIONS', 'GET', 'PUT', 'POST', 'DELETE'])]


class HelloWorld(restful.Resource):
    def options(self):
        pass

    def get(self):
        return {'hello': 'world'}

api.add_resource(HelloWorld, '/')

if __name__ == '__main__':
    app.run(debug=True)

Testing

$ http get http://127.0.0.1:5000/ Origin:http://example.com Access-Control-Request-Method:POST Access-Control-Request-Headers:X-Requested-With

HTTP/1.0 200 OK
Access-Control-Allow-Headers: ACCEPT, CONTENT-TYPE
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 21600
Content-Length: 25
Content-Type: application/json
Date: Wed, 08 Oct 2014 21:55:34 GMT
Server: Werkzeug/0.9.6 Python/2.7.8

{
    "hello": "world"
}


$ http options http://127.0.0.1:5000/ Origin:http://example.com Access-Control-Request-Method:POST Access-Control-Request-Headers:X-Requested-With                            

HTTP/1.0 200 OK
Access-Control-Allow-Headers: ACCEPT, CONTENT-TYPE
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 21600
Allow: HEAD, OPTIONS, GET
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Wed, 08 Oct 2014 21:55:54 GMT
Server: Werkzeug/0.9.6 Python/2.7.8