search

corydolphin / flask-cors

Cross Origin Resource Sharing ( CORS ) support for Flask
https://flask-cors.corydolphin.com/
MIT License
877 stars 137 forks source link

has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response. #252

Closed piyushpriyam closed 4 years ago

piyushpriyam commented 4 years ago

CORS(app, resources='/apk', allow_headers='content_type', origins='*')

I am trying to integrate Angular with the python services. I have check all related issues. It didn't help.

piyushpriyam commented 4 years ago

used CORS(app)

did not work

piyushpriyam commented 4 years ago

@app.after_request def after_request(response): response.headers.add('Access-Control-Allow-Origin', '*') response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization') response.headers.add('Access-Control-Allow-Methods', 'POST') return response

need to use this.

ctippur commented 4 years ago

Hi. Can you please elaborate on your solution. I am trying the same stack. I have a custom header I need to pass and cors is erroring out.

Request header field bearer is not allowed by Access-Control-Allow-Headers in preflight response

piyushpriyam commented 3 years ago

Provide your custom header like:- response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization,timeout')

shatriakini commented 1 year ago

@app.after_request def after_request(response): response.headers.add('Access-Control-Allow-Origin', '*') response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization') response.headers.add('Access-Control-Allow-Methods', 'POST') return response

need to use this.

Use this and all perfect, no need use CORS lib from flask-cors if you not use customize control allow

mofukommit commented 4 months ago

If someone is still in there with multiple origins and doesn't want to set them all manually, I have a very simple solution for that:

CORS(app,
         origins=["http://localhost:2000", "http://127.0.0.1:2000", <the rest of your origins>],
         supports_credentials=True,
         methods=["*"])

@app.after_request
        def after_request(response):
            if response.headers.get('Access-Control-Allow-Headers'):
                return response
            else:
                response.headers.add('Access-Control-Allow-Headers', 'Content-Type, Authorization, XCSRF-Token')
            return response

Nothing special, but you manually set the headers after each request if they are not set or present by your CORS.

I have done it this way before DOES NOT WORK FOR ME:

CORS(app,
         origins=["http://localhost:2000", "http://127.0.0.1:2000", <the rest of my origins>],
         supports_credentials=True,
         methods=["*"],
         resources={r"/api/*": {"origins": "*"}},
         allow_headers=['Content-Type', 'Authorization', 'XCSRF-Token'])

This returns me following response:

[Error] Request header field Content-Type is not allowed by Access-Control-Allow-Headers.

Therefore, setting the headers manually, as I did there, is crucial for me to get my API working.