CORS requires pre-flight OPTIONS method requests to work without the Authorization header from the browser.
Otherwise, the browser will raise CORS errors on calls to any endpoints protected with basic auth, and the requests will not work properly. Here is an example error message from Chrome: Failed to load https://host:port/api_url: Response for preflight has invalid HTTP status code 401.
With the BASIC_AUTH_ALLOW_OPTIONS config option enabled, the OPTIONS requests are allowed, and Flask-CORS can send back the right response for the browser, so that the endpoints will work with CORS enabled.
CORS requires pre-flight
OPTIONSmethod requests to work without theAuthorizationheader from the browser.Otherwise, the browser will raise CORS errors on calls to any endpoints protected with basic auth, and the requests will not work properly. Here is an example error message from Chrome:
Failed to load https://host:port/api_url: Response for preflight has invalid HTTP status code 401.With the
BASIC_AUTH_ALLOW_OPTIONSconfig option enabled, theOPTIONSrequests are allowed, and Flask-CORS can send back the right response for the browser, so that the endpoints will work with CORS enabled.