fatzh

We're facing the same issue, the `Access-Control-Allow-Methods` is only returned in the following cases: * if the header `Access-Control-Request-Method` AND `Origin` is set in the request * if the header...

the preflight queries are automatically handled, and looking at the developer tools in chrome it looks like the response is not always the same. Our scenario is fairly standard: *...

ok got the debug logs activated, and indeed the headers are not sent back: ``` [2022-04-20 17:18:34,288] DEBUG in core: CORS request received with 'Origin' http://mingus:1234 [2022-04-20 17:18:34,288] DEBUG in...

I tried already above, manually it works as soon as I explicitly set **Access-Control-Request-Method**. But in real life, I don't really control how the preflight requests are made, that's all...

after more investigation and logging, this seems to happen only when flask runs in development mode, where some payload get somehow injected in the `request.environ['REQUEST_METHOD']` value, so instead of a...