Access-Control-Allow-Origin is not working

Question

I've been trying for hours to allow an angularjs client (localhost:5000) to access the resources of a python server using flask (localhost:5001), but I keep receiving the same error message "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5001/api. (Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials').

So far I've tried to:

Allow CORS via flask_cors using

from flask_cors allow CORS
api = Blueprint('api', __name__)
CORS(api, resources={"/api/*: {"origins": "*"}})

Use angular http-proxy-middleware, both with

server.middleware = proxy('/api', {target: 'http://localhost:5001', changeOrigin:true});

and

server.middleware = proxy('/api', {target: 'http://localhost:5001', changeOrigin:true, onProxyRes: function(proxyRes, req, res){proxyRes.headers['Access-Control-Allow-Origin']='*';}});

The Access-Control-Allow-Origin field in the response header is "http://localhost:5000" and not "http://localhost:5001", which is (if I understand it right), what I need. Any ideas?

texdade texdade · Accepted Answer · 2019-02-22T15:38:23

I had the same problem and fixed it using the CORS decorator @cross_origin() using the parameter supports_credentials=True (note that you can't use origin='*' and support_credentials=True at the same time)

More infos can be found here

Access-Control-Allow-Origin is not working

1 Answers