corydolphin
Access to fetch at 'http://127.0.0.1:5000/account/summary' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Python: 3.9 Works sometimes with flask-cors 4.0.0 Works always with flask-cors 3.0.10
app = Flask(__name__)
CORS(app=app, resources={r"*": {"origins": "*"}})
logging.debug('CORS initialised')
I've encountered the same issue with flask-cors==3.0.10.
The issue appears once after a while then vanishes after minutes/hours, then appears again without no changes, no deployment at my server.
The issue cannot be bypassed by disabling security check in Chrome browser:
- launching Chrome with security off:
google-chrome --disable-web-security - installing Chome extension to skip CORS check:
https://chrome.google.com/webstore/detail/allow-cors-access-control/lhobafahddgcelffkeicbaginigeejlf
I will update this comment if I can figure it out.
@terrynguyen255 did you ever figure this out?
Edit: Decided this package was terrible and came up with my own solution.
def add_cors_headers(response):
response.headers['Access-Control-Allow-Origin'] = FRONTEND_URL # Adjust as needed
response.headers['Access-Control-Allow-Credentials'] = 'true'
response.headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization'
response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
return response
###
@app.after_request
def after_request(response):
return add_cors_headers(response)
# Handles preflight requests
@app.route('/', defaults={'path': ''}, methods=['OPTIONS'])
@app.route('/<path:path>', methods=['OPTIONS'])
def options_preflight(path):
return add_cors_headers(make_response())
@rajbirjohar Did it work?
@terrynguyen255 did you ever figure this out?
Edit: Decided this package was terrible and came up with my own solution.
def add_cors_headers(response): response.headers['Access-Control-Allow-Origin'] = FRONTEND_URL # Adjust as needed response.headers['Access-Control-Allow-Credentials'] = 'true' response.headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization' response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS' return response ### @app.after_request def after_request(response): return add_cors_headers(response) # Handles preflight requests @app.route('/', defaults={'path': ''}, methods=['OPTIONS']) @app.route('/<path:path>', methods=['OPTIONS']) def options_preflight(path): return add_cors_headers(make_response())
@rajbirjohar Did it work?
@terrynguyen255 did you ever figure this out?
Edit: Decided this package was terrible and came up with my own solution.
def add_cors_headers(response):
response.headers['Access-Control-Allow-Origin'] = FRONTEND_URL # Adjust as neededresponse.headers['Access-Control-Allow-Credentials'] = 'true'response.headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization'response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'return response@app.after_request
def after_request(response):
return add_cors_headers(response)Handles preflight requests
@app.route('/', defaults={'path': ''}, methods=['OPTIONS'])
@app.route('/path:path', methods=['OPTIONS'])
def options_preflight(path):
return add_cors_headers(make_response())
@Dev-hugo-hash Yes.