Closed piyushpriyam closed 4 years ago
used CORS(app)
did not work
@app.after_request def after_request(response): response.headers.add('Access-Control-Allow-Origin', '*') response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization') response.headers.add('Access-Control-Allow-Methods', 'POST') return response
need to use this.
Hi. Can you please elaborate on your solution. I am trying the same stack. I have a custom header I need to pass and cors is erroring out.
Request header field bearer is not allowed by Access-Control-Allow-Headers in preflight response
Provide your custom header like:- response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization,timeout')
@app.after_request def after_request(response): response.headers.add('Access-Control-Allow-Origin', '*') response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization') response.headers.add('Access-Control-Allow-Methods', 'POST') return response
need to use this.
Use this and all perfect, no need use CORS lib from flask-cors if you not use customize control allow
If someone is still in there with multiple origins and doesn't want to set them all manually, I have a very simple solution for that:
CORS(app,
origins=["http://localhost:2000", "http://127.0.0.1:2000", <the rest of your origins>],
supports_credentials=True,
methods=["*"])
@app.after_request
def after_request(response):
if response.headers.get('Access-Control-Allow-Headers'):
return response
else:
response.headers.add('Access-Control-Allow-Headers', 'Content-Type, Authorization, XCSRF-Token')
return response
Nothing special, but you manually set the headers after each request if they are not set or present by your CORS.
I have done it this way before DOES NOT WORK FOR ME:
CORS(app,
origins=["http://localhost:2000", "http://127.0.0.1:2000", <the rest of my origins>],
supports_credentials=True,
methods=["*"],
resources={r"/api/*": {"origins": "*"}},
allow_headers=['Content-Type', 'Authorization', 'XCSRF-Token'])
This returns me following response:
[Error] Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
Therefore, setting the headers manually, as I did there, is crucial for me to get my API working.
CORS(app, resources='/apk', allow_headers='content_type', origins='*')
I am trying to integrate Angular with the python services. I have check all related issues. It didn't help.