33

I'm running a Flask-Restful API locally and sending a POST request containing JSON from a different port. I'm getting the error

No 'Access-Control-Allow-Origin' header is present on the requested resource.

However, when I run

curl --include -X OPTIONS http://localhost:5000/api/comments/3 --header Access-Control-Request-Method:POST --header Access-Control-Request-Headers:Content-Type --header Origin:http://localhost:8080

I get

HTTP/1.0 200 OK Content-Type: text/html; charset=utf-8 Allow: HEAD, GET, POST, OPTIONS Access-Control-Allow-Origin: http://localhost:8080 Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT Vary: Origin Access-Control-Allow-Headers: Content-Type Content-Length: 0

which shows "Access-Control-Allow-Origin" as "*". GET works fine, it's just POST that gives this error. What could be going wrong? If relevant, for the frontend I'm using react and requesting through axios.

Improve this question
1
  • Hi, did you find a solution? I have landed in the same exact situation, any updates would help. Commented Mar 3, 2021 at 8:21

4 Answers 4

Reset to default
6

In my case, a CORS error raised because of an internal error. An error completely unrelated to CORS, which should return 500, was causing this.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

How did you finally discover that it was 500 error?
5

You have to add CORS(app, resources={r"/*": {"origins": "*"}}) into your flask app.

Hope that solves the issue.

Improve this answer

2 Comments

for more info about CORS see: stackabuse.com/…
thanks, unfortunately also with the added resources it still only works for me for get
5

the Flask-Cors docs explain why this might happen

"When using JSON cross origin, browsers will issue a pre-flight OPTIONS request for POST requests. In order for browsers to allow POST requests with a JSON content type, you must allow the Content-Type header. The simplest way to do this is to simply set the CORS_HEADERS configuration value on your application: e.g."

https://flask-cors.readthedocs.io/en/1.9.0/

app.config['CORS_HEADERS'] = 'Content-Type'
Improve this answer

1 Comment

What should you put instead of "content-type" in order to allow browser to run an angular app that is requesting data from the server?
1

In Post request browser send an OPTIONS request as a pre-flight request before it excutes post so enabling the OPTIONS request on your server with proper CORS headers will resolve this issue.

The CORS (Cross-Origin Resource Sharing) error occurs when a web application running in a browser tries to make a request to a different domain (origin) than the one it was loaded from. CORS is a security mechanism implemented in web browsers to prevent cross-origin requests by default, for security reasons. The basic logic behind the CORS error is as follows:

  1. When a web application running in a browser makes a request to a different domain, the browser automatically sends an HTTP request called a "preflight" request to check if the cross-origin request is allowed. The pre-flight request is of OPTIONS type.

  2. The server receiving the preflight request must respond with appropriate CORS headers indicating that the cross-origin request is allowed.

  3. If the server does not respond with the necessary CORS headers or responds with incorrect headers, the browser blocks the actual request and throws a CORS error.

The CORS headers that the server should include in its response are:

  1. Access-Control-Allow-Origin: Specifies the allowed origin(s) for the cross- origin request. It can be a specific domain or '*' to allow requests from any origin.

  2. Access-Control-Allow-Methods: Specifies the allowed HTTP methods for the cross-origin request, such as GET, POST, PUT, DELETE, etc.

  3. Access-Control-Allow-Headers: Specifies the allowed headers for the cross- origin request, such as Content-Type, Authorization, etc.

  4. Access-Control-Allow-Credentials: Optional header that indicates whether the browser should include credentials (e.g., cookies, HTTP authentication) in the cross-origin request.

I was using the azure function httpTrigger to run the http post request in my flask application. So allowing options request in function.json file resolves the issue for me.

"methods": ["get","post","options"]

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.