有一个运行https的外部网站。我有一个基于UI的服务器"我可以运行javascript。
我希望该网站通过我们在其网站上运行的javascript向我发送XMLHttpRequest()到我在其他地方运行的Flask_Restful。
此代码有效,但仅限于http网站。他们的网站是http s 。 我目前正在Chrome控制台上运行此代码。
var xhttp = new XMLHttpRequest();
xhttp.open("PUT", "http://[my_server]:5000/todos/todo3", true);`
xhttp.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
xhttp.send(JSON.stringify({ "task": "new task2"}));
所以我收到错误:
This request has been blocked; the content must be served over HTTPS.
如果我用https运行它,我会收到错误:
OPTIONS https://9[my_flask_server]:5000/todos/todo3 net::ERR_SSL_PROTOCOL_ERROR
My Flask服务器还打印出:
code 400, message Bad request syntax ('\x16...
如何启用我的烧瓶网站以允许此SSL呼叫?
我已经启用了这样的CORS:
from flask import Flask
from flask_restful import reqparse, abort, Api, Resource
from flask_cors import CORS, cross_origin
app = Flask(__name__)
CORS(app)
api = Api(app)
编辑1
我正在尝试将ssl功能添加到我的服务器。
我使用以下命令创建了一个host.cert文件和一个host.key文件:
openssl genrsa 1024 > host.key
chmod 400 host.key
openssl req -new -x509 -nodes -sha1 -days 365 -key host.key -out host.cert
来源:https://serverfault.com/questions/224122/what-is-crt-and-key-and-how-can-i-generate-them
我更新了我的Flask app.py,使得顶部看起来像这样:
from flask import Flask
from flask_restful import reqparse, abort, Api, Resource
from flask_cors import CORS, cross_origin
from OpenSSL import SSL
context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file('host.key')
context.use_certificate_file('host.cert')
app = Flask(__name__)
CORS(app)
api = Api(app)
来源:http://flask.pocoo.org/snippets/111/
当我运行python app.py时,它现在出错了。
当前错误:
Traceback (most recent call last):
File "app.py", line 72, in <module>
app.run(host="[my_server]", port="5000", ssl_context=context)
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 841, in run
run_simple(host, port, self, **options)
File "/usr/local/lib/python2.7/dist-packages/werkzeug/serving.py", line 742, in run_simple
inner()
File "/usr/local/lib/python2.7/dist-packages/werkzeug/serving.py", line 702, in inner
fd=fd)
File "/usr/local/lib/python2.7/dist-packages/werkzeug/serving.py", line 596, in make_server
passthrough_errors, ssl_context, fd=fd)
File "/usr/local/lib/python2.7/dist-packages/werkzeug/serving.py", line 528, in __init__
self.socket = ssl_context.wrap_socket(sock, server_side=True)
AttributeError: 'OpenSSL.SSL.Context' object has no attribute 'wrap_socket'
编辑2 :(没有工作)
sudo pip install 'Werkzeug==0.9.6'
将问题更改为:
Traceback (most recent call last):
File "/usr/lib/python2.7/logging/__init__.py", line 851, in emit
msg = self.format(record)
File "/usr/lib/python2.7/logging/__init__.py", line 724, in format
return fmt.format(record)
File "/usr/lib/python2.7/logging/__init__.py", line 464, in format
record.message = record.getMessage()
File "/usr/lib/python2.7/logging/__init__.py", line 328, in getMessage
msg = msg % self.args
TypeError: %d format: a number is required, not str
Logged from file _internal.py, line 87
编辑3:进展
仅使用
from OpenSSL import SSL
...
和
...
if __name__ == '__main__':
context = ('host.crt', 'host.key')
app.run(host...
已更改控制台端错误:
OPTIONS https://[my_flask_server]:5000/todos/todo3 net::ERR_SSL_PROTOCOL_ERROR
到
OPTIONS https://[my_flask_server]:5000/todos/todo3 net::ERR_INSECURE_RESPONSE
编辑3
此时它只是浏览器相关的安全检查,因为我的ssl证书无法识别/弱。我想我已经尽可能好地工作了,我想尝试让它获得更多授权吗?