The same-origin policy prevents Web application front-ends from loading resources that come from a different domain, protocol, or port. Cross-Origin Resource Sharing (CORS) policies can be used to relax this restriction. CORS policies that are too permissive may lead to loading content from untrusted or malicious sources.
```python
from flask import Flask
from flask_cors import CORS


app = Flask(__name__)
# Noncompliant: the send_wildcard is set to allow any domain.
CORS(app, send_wildcard=True)
```
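```python
from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
# Compliant: send_wildcard is off and origins names a specific list of
# trusted domains. The origin below is a placeholder, not from the original
# page; replace it with your own front-end origin(s).
CORS(app, send_wildcard=False, origins=["https://app.example.com"])
```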
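As an added example (not code from the original page), this standard-library probe sends one request with an untrusted `Origin` header to a WSGI application and classifies the `Access-Control-Allow-Origin` value it returns. The origins, `make_app` and `probe_cors` are constructed for illustration; `make_app` models three policies by hand rather than calling flask_cors.

```python
from wsgiref.util import setup_testing_defaults

# Constructed sample values, not from the original page.
PROBE_ORIGIN = "https://untrusted.example.net"
TRUSTED = {"https://app.example.com"}


def make_app(policy):
    """Hypothetical WSGI app; policy is 'wildcard', 'reflect' or 'allowlist'."""
    def app(environ, start_response):
        headers = [("Content-Type", "text/plain")]
        origin = environ.get("HTTP_ORIGIN")
        if policy == "wildcard":
            # Models the noncompliant setting: a literal wildcard.
            headers.append(("Access-Control-Allow-Origin", "*"))
        elif origin and (policy == "reflect" or origin in TRUSTED):
            # 'reflect' echoes any caller; 'allowlist' echoes only TRUSTED.
            headers += [("Access-Control-Allow-Origin", origin),
                        ("Vary", "Origin")]
        start_response("200 OK", headers)
        return [b"ok"]
    return app


def probe_cors(wsgi_app, origin=PROBE_ORIGIN, path="/"):
    """Issue one GET carrying `origin` and classify the CORS reply."""
    environ = {}
    setup_testing_defaults(environ)  # fills in a minimal valid WSGI request
    environ["PATH_INFO"] = path
    environ["HTTP_ORIGIN"] = origin
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen.update({name.lower(): value for name, value in headers})
        return lambda data: None

    body = wsgi_app(environ, start_response)
    try:
        for _ in body:  # drain the response so the app finishes cleanly
            pass
    finally:
        if hasattr(body, "close"):
            body.close()

    acao = seen.get("access-control-allow-origin")
    if acao is None:
        return "restricted"      # no cross-origin read granted to this origin
    if acao == "*":
        return "wildcard"        # any site may read the response
    return "origin-echoed" if acao == origin else "fixed-origin"
```

Any WSGI callable can be passed to `probe_cors`, including a Flask application object, so the same check can run in a test suite against the real policy. A result of `wildcard` or `origin-echoed` for the untrusted probe origin means the policy is too permissive.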