Access to XMLHttpRequest at 'http://...' from origin 'http://localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

[jennykwan]

I'm getting the following error when using axios in redux-saga in react to post a multipart/form-data:

Access to XMLHttpRequest at 'http://...' from origin 'http://localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

My Flask-CORS config is dead simple:

app = flask.Flask(__name__)
flask_cors.CORS(app)

I see nothing in the docs referencing any non-default options to pass preflight checks for origin '*'. I'm not using cookies. What am I missing?

[haibeey]

you probably want to @cross_origin() decorators to your routes

[mukeshsharma1201]

I am getting the same issue. I tried using supports_credentials , expose_headers , allow_headers. Nothing seems to help.

[victorct-pronto]

We are getting the same issue, any update on this, it happens randomly

[HarpSun]

I have hit the same issue recently, and at last I found it was caused by the unmatch of request url. For example, at flask, I claim a url as this

@app.route('/user/', methods=['GET'])

but the url frontend requesting is '/user'，this will cause the flask returned a 308 redirect response which is not allowed by Cors preflight request.

So the conclusion is making the backend url and frontend url stricly match will solve the problem. I hope this helps.

[sanjeev0007]

Thanks @HarpSun it worked for me:)

[mukeshsharma1201]

can confirm, @HarpSun solution works!

[hans2520]

I have hit the same issue recently, and at last I found it was caused by the unmatch of request url. For example, at flask, I claim a url as this

@app.route('/user/', methods=['GET'])

but the url frontend requesting is '/user'，this will cause the flask returned a 308 redirect response which is not allowed by Cors preflight request.

So the conclusion is making the backend url and frontend url stricly match will solve the problem. I hope this helps.

You can also try @app.route('/user/', methods=['GET'], strict_slashes=False) to make this work without getting the 308 response.

[johnarumemi-qs]

I have hit the same issue recently, and at last I found it was caused by the unmatch of request url. For example, at flask, I claim a url as this

@app.route('/user/', methods=['GET'])

but the url frontend requesting is '/user'，this will cause the flask returned a 308 redirect response which is not allowed by Cors preflight request. So the conclusion is making the backend url and frontend url stricly match will solve the problem. I hope this helps.

You can also try @app.route('/user/', methods=['GET'], strict_slashes=False) to make this work without getting the 308 response.

for app wide configuration of this try:

app.url_map.strict_slashes = False

Thanks for the solution @hans2520 , that led me to this solution I found elsewhere.

[Rodrigolmti]

I have hit the same issue recently, and at last I found it was caused by the unmatch of request url. For example, at flask, I claim a url as this

@app.route('/user/', methods=['GET'])

but the url frontend requesting is '/user'，this will cause the flask returned a 308 redirect response which is not allowed by Cors preflight request.

So the conclusion is making the backend url and frontend url stricly match will solve the problem. I hope this helps.

I hope more people see your response, there is several links and issues open about this problem and none of them mention this. This solve my problem.

I started to get this error after migrating my api's to blueprints, and didn't notice that the path was different.

Thank you.