Can't get Authorization headers to work

[jamalmoir]

I have an app with a few blueprints and have just CORS(app)'d the whole thing.

Everything works until Authorization is involved.

After looking around many solutions and trying them all I still can't seem to get it to work. It fails anytime I pass an Authorization: BEARER <token> header with Failed to load http://localhost:5000/xxx: Response for preflight is invalid (redirect).

App:

app = FlaskAPI(__name__, instance_relative_config=True)
CORS(app, supports_credentials=True, headers=['Content-Type', 'Authorization'])

Example view:

journal_blueprint = Blueprint('journal', __name__, url_prefix='/journal')

@journal_blueprint.route('/', methods=['GET'])
def get_all_journals():
    user = get_authed_user()
    journals = get_journals(user)

    response = model_objects_to_json(journals)
    response.status_code = 200

    return response

Versions:

Flask==1.0.2
Flask-Cors==3.0.6

I'm sure I am missing something here and have done something stupid - so I apologise in advance - but please and thank you.

[corydolphin]

Hey @jamalmoir,

It sounds like what is happening is that the route which is being queried does not support options. Can you provide a more full example of the request to '/xxx' and what that route looks like?

Thanks, Cory

[jamalmoir]

@corydolphin sorry for the late reply - It turns out I was being pretty stupid - I set the route to have a slash on the end, when it shouldn't.

This fixed the above error - which then sprung up another error, to which I found the solution here: https://github.com/corydolphin/flask-cors/issues/67

Thank you!