2

I'm trying to build a cors proxy through flask from scratch. Here's my code

@app.route('/api/v1/cors/url=<name>&method=<method>', methods=['GET'])
def api_cors(name, method):
    if method == 'http' or method == 'https':
        r = request.urlopen(method+"://"+name)
        return r.read()
    else:
        return "method not set!"

It is working good so far but I have one problem, when I pass "url=google.com&method=https" it is working fine but when I pass something like "url=google.com/images/image.jpg&method=https" the "/" will considered as a new directory

Is there anyway to evade this in flask?

Improve this question
3
  • can you try with keeping it between inverted commas like "url='google.com/images/image.jpg'&method=https" Commented Nov 19, 2016 at 15:21
  • @SunilT how would i go about doing that, wouldnt it be bypassed anyway Commented Nov 19, 2016 at 15:25
  • Please refer stackoverflow.com/questions/2992231/slashes-in-url-variables.. seems there are multiple solutions to solve this. Commented Nov 19, 2016 at 15:39

3 Answers 3

Reset to default
4

Don't try and pass the value as part of the route itself. Pass it as a query parameter.

@app.route('/api/v1/cors/')
def api_cors():
    url = request.args.get('url')

and call it as "/api/v1/cors/?url=https://google.com/images/image.jpg".

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

hey i get attribute error when doing the same as you did
AttributeError: 'module' object has no attribute 'args'
i did import request btw,: from flask import request
Do you have a request.py that you import somewhere?
have it where? isnt it supposed to come as a package, plus i dont get any import errors
|
2

If you want use the same URL scheme that you're using now, change your routing decorator to this and it will work.

@app.route('/api/v1/cors/url=<path:name>&method=<method>', methods=['GET'])
Improve this answer

Comments

0

In my use-case I am building a MS Graph file browser which receives a @odata.nextLink value from Graph API calls, which look like https://graph.microsoft.com/v1.0/groups/myGroupId/drive/items('driveItem')/children?$select=id,name,webUrl&$top=10&$skiptoken=someToken.

In my main python script I add a quote function to the jinja environment using urllib.parse.quote. We need this to encode the URLs within our jinja templates:

import urllib
app.jinja_env.globals.update(Auth=identity.web.Auth, quote=urllib.parse.quote)

In my Jinja template I use the following to encode the result['@odata.nextLink'] URL and make sure to set safe='' so the / characters are also encoded. This encoded URL is sent to our odNextLink route:

<a href="{{ url_for('odNextLink', nextLink=quote(result['@odata.nextLink'], safe='')) }}">Next link</a>

In our route we need to make sure we have import urllib so we can unencoded the URL using urllib.parse.unquote(nextLink) before calling the API endpoint.

# this route should return results from a Graph API 'nextLink' call
@app.route("/od_group_items/<nextLink>")
def odNextLink(nextLink):
    import urllib
    token = app.auth.get_token_for_user(ast.literal_eval(os.getenv('SCOPE')))
    if "error" in token:
        return redirect(url_for("login"))
    api_result = requests.get(
        urllib.parse.unquote(nextLink),
        headers={'Authorization': 'Bearer ' + token['access_token']},
        timeout=30,
    ).json()
    return api_result
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.