The specific issue is that the Access-Control-Allow-Credentials header in the Preflight request needs to be true, which should be taken care of by the Flask-Cors plugin (see https://flask-cors.readthedocs.io/en/latest/).
The plugin fails to set the Access-Control-Allow-Credentials header to true when the decorator is applied to the endpoint, in the following configuration:
from flask_cors import CORS
from flask import Flask, request, Response
from flask_cors.decorator import cross_origin
app = Flask(__name__)
CORS(app)
@app.route('/session/', methods=['OPTIONS','GET'])
@cross_origin(supports_credentials=True)
def session():
return "returned something", 200
app.run(debug=True)
The specific issue is that the Access-Control-Allow-Credentials header in the Preflight request needs to be true, which should be taken care of by the Flask-Cors plugin (see https://flask-cors.readthedocs.io/en/latest/).
The plugin fails to set the Access-Control-Allow-Credentials header to true when the decorator is applied to the endpoint, in the following configuration: