flask-cors: Getting CORS preflight error even with flask cors initialized

Hey guys, I’ve been trying to get flask_cors to work for over two weeks now, so thought that I would write an issue.

Here’s what is in the init.py file

app = Flask(__name__, static_url_path='/static')
app.config.from_pyfile('config.py')

cors = CORS(resources={
    r'/*': {
        'origins': [
            'http://localhost:8080'
        ]
    }
})

cors.init_app(app)

The error that I’m getting is:

login?redirectNotebook=rose.intro:1 Access to XMLHttpRequest at 'http://localhost:5000/users' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Went into the library to poke around and it looks like the after request isn’t being called. The backend is running on localhost:5000 and the frontend is running on localhost:8080, any help would be greatly appreciated!

About this issue

Original URL
State: open
Created 3 years ago
Reactions: 5
Comments: 24

Most upvoted comments

@Elynad what I did is

from flask import Response

@current_app.before_request
def basic_authentication():
    if request.method.lower() == 'options':
        return Response()

+36

shrhawk-entertainer on Jul 21, 2021

@joaodlf

You can use this way. because it’s work for me

@app.before_request def before_request(): headers = { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS', 'Access-Control-Allow-Headers': 'Content-Type' } if request.method == 'OPTIONS' or request.method == 'options': return jsonify(headers), 200

it solve the cors issue

guruprakashIT on May 23, 2023

Did someone find some solution? It really sucks…

This worked brilliantly for me: https://github.com/corydolphin/flask-cors/issues/292#issuecomment-883929183

echoboomer on Jun 20, 2022

I gave up a long time ago and used a different lib, appreciate it though.

ryanbrwr on Jul 15, 2021

@ryanbrwr Does your OPTIONS call to server return 200 OK?

CrafterSvK on Jul 15, 2021

This before request setup worked for me

@app.before_request
def before_request():
    headers = {'Access-Control-Allow-Origin': '*',
               'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
               'Access-Control-Allow-Headers': 'Content-Type'}
    if request.method.lower() == 'options':
        return jsonify(headers), 200

mahendra-taiyo on Mar 29, 2024

from flask import Response

@current_app.before_request def basic_authentication(): if request.method.lower() == ‘options’: return Response()

Wow. This works for me too. Effectively returning a 200 on OPTIONS requests (pre flight).

My app has no issues under 127.0.0.1 using this library, but as soon as I switched to localhost, I was hitting this same issue.

Would really like to understand why.

joaodlf on Jun 24, 2022

@shrhawk-entertainer It seems to be a good answer, but where do you get request from ?

MeyerMathieu on Jul 21, 2021

@cohi-dev Yes, I did

Here is a part of my code :

from flask import Flask
from flask_cors import CORS
from typing import List, Dict
import mysql.connector
import json

app = Flask(__name__)
CORS(app)

[...]

@app.after_request
def add_header(response):
    response.headers['Access-Control-Allow-Origin'] = '*'
    return response

@app.route('/')
def hello() :
    return 'This is a test to check if the api is working.'

I also tried to replace CORS(app) with cors = CORS(app, resources={r"/*": {"origins": "*"}})

And I also tried to add @cross_origin() under each @app.route([...])

The thing is, everything is working fine in local (I am using dockers), but when these dockers are deployed on AWS EC2 instance, I get an XMLHttpRequest error 😕

MeyerMathieu on Jul 17, 2021