Develop Reference

Flask cors not allowing request from my react web app (even with cors enabled)

im having many issues with my backend flask API with CORS. I have done everything which flask documentation and stackover flow says, but I still get this error. Even with cors enabled. Anyone know what is wrong?
Even adding the flask decorator for cross_origin doesn't resolve the issues
from flask import Flask, render_template, request, session, redirect, jsonify, abort
from flask_cors import CORS
import pymongo
from config import get_env_var
from utils import get_token, get_user_information
app = Flask(__name__)
CORS(app)
#app.route("/oauth/discord", methods=["POST"])
def oauth():
Access to XMLHttpRequest at 'http://127.0.0.1:5000/oauth/callback' from origin 'http://127.0.0.1:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

How to allow Cross Origin Request with Flask CORS correctly?

I'm trying to allow Same Origin request to my Flask app:
this is in my __init__.py file:
# ... other imports ...
from flask_cors import CORS
cors = CORS()
def create_app(script_info=None):
app = Flask(__name__)
app_settings = os.getenv('APP_SETTINGS')
app.config.from_object(app_settings)
from project.api.flakes import flakes_blueprint
app.register_blueprint(flakes_blueprint)
cors.init_app(flakes_blueprint, resources={r"/flakes": {"origins": "*"}})
return app
According to docs this should be sufficient to get it working but I get:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5001/flakes. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)
How can I get it working ? I would've thought {"origins": "*"} covers everything.

I've not seen an example like you have provided using cors_init_app(), so cannot comment on why it doesn't work.
However, here is an example of I've used previously that works:
app = Flask(__name__)
CORS(app, resources={r'/*': {'origins': '*'}})
app.config['CORS_HEADERS'] = 'Content-Type'
app.register_blueprint(my_blueprint_module.bp)

Flask serving static folder with CORS

In my frontend app I'm trying to access a file I'm serving in a static folder but I'm getting an issue with CORS. The issue I'm seeing is
Access to XMLHttpRequest at 'http://127.0.0.1:5000/static_folder/apple.xml' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
My backend Flask app has the following set
app = Flask(__name__, static_url_path='/static_folder', static_folder="static_folder")
It seems that I need to add the 'Access-Control-Allow-Origin' header to my responses when returning the files. Does Flask have a global way to set this?
I've tried using flask_cors but haven't been successful with
from flask_cors import CORS, cross_origin
app = Flask(__name__, static_url_path='/static_folder', static_folder="static_folder")
CORS(app)
I was able to get something similar working with the SimpleHTTPRequestHandler by setting the CORS headers as
def end_headers (self):
self.send_header('Access-Control-Allow-Origin', '*')
SimpleHTTPRequestHandler.end_headers(self)
But I'd like to use flask to accomplish this rather than starting a simple http server.

after cors(app) add these lines:
#app.after_request
def after_request(response):
response.headers.add('Access-Control-Allow-Headers', 'Content-Type, Authorization')
response.headers.add('Access-Control-Allow-Methods', 'GET, POST, PATCH, DELETE, OPTIONS')
return response

Also, if using the flask-cors package, you should be able to blanket your static requests:
from flask import Flask
from flask_cors import CORS
# Initialize
app = Flask(__name__)
cors = CORS(app, resources={r"/static/*": {"origins": "*"}})
Good luck!

flask-cors not sending preflight CORS request

I want to allow only localhost as access-control-allow-origin in my Flask app. I tried searching for this issue at other places with no solution. My code is very simple and straightforward as follows :
from flask import Flask
from routes.routes import *
from flask_cors import CORS
app = Flask(__name__)
CORS(app, resources={r"/*": {"origins": "http://localhost:3000"}})
app.wsgi_app = PrefixMiddleware(app.wsgi_app, prefix='/drax')
app.add_url_rule('/template/<actionId>/<actionName>', None, templateActions, methods=['GET'])
The above should ONLY allow any request from localhost:3000 and not from anywhere else, like localhost:8080. But even when I make the request from port 8080 (another web app), it allows the request.

Looks like you need to specify a valid http origin in your request as under:
CORS(
app,
supports_credentials=True,
resources={
r"/*": {
"origins": [
"http://localhost:3000",
""http://localhost"
"http://127.0.0.1:3000",
"http://127.0.0.1,
]
}
},
)
I do not think http://local is a valid origin

Using Flask-CORS with Flask LoginManager

My flask back-end authentication is using Flask LoginManager to handle users login and logout.
The LoginManager is session based auth and i'm having a lot of troubles in JavaScript front-end with the views which are using #login_required decorator.
When i remove this decorator my front-end works correctly.
I searched and fined out i should use CORS in my back-end.
Now my question is how can i user Flask-CORS with login_required and flask LoginManager?
I tried this but it doesn't work:
from flask_cors import CORS, cross_origin
app = Blueprint('app', __name__)
CORS(app, support_credentials=True)
#login_required
#cross_origin(supports_credentials=True)
def my_view():
... #returns some jsonify values
Could anyone helps me ?