Open mbrucher opened 5 years ago
I thought it was a JWT issue as well, as it happens only on flask-JWT-extended protected entry points, but it looks like if I remove the protection and put it in the code (so instead of being JWT->CORS->code, it's CORS->code->JWT), I still hav the same problems and no calls to the API.
Hey @mbrucher sorry for the delay.
If you enable debug logging, there should be more verbose information on the Python side about what is happening, and why. Offhand, that configuration looks good to me.
Set logging.getLogger('flask_cors').level = logging.DEBUG
to enable verbose logging.
Cheers, Cory
I'm trying to fix a problem with CORS on my web app. I have the following CORS call:
CORS(app, resources=[r'/api/*', r'/auth/*'], origins=[r'^https://.*xxxx\.org$'], supports_credentials=True, vary_header=True)
I see the OPTIONS call in Chrome's debug as expected:
But then the POST call fails and I don't see the call on the backend:
'Access to XMLHttpRequest at 'https://api.xxxx.xxxx.org/search' from origin 'https://xxxx.xxxx.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.'
Is there something I missed that I should check? The headers are lower case, maybe that's the problem?