When I set up a server with Flask to experiment with experimental functions, the server’s API is blocked by the CORS policy when I try to read the JS of the content placed on another server.

:

Access to fetch at 'http://localhost:5000/api/' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

server-side

  from flask import Flask
+ from flask_cors import CORS

  app = Flask(__name__)
+ CORS(app)

client-side diff

  fetch("http://localhost:5000/api/", {
+  mode: "cors",
   method: "POST",
    body: JSON.stringify(data),
    headers: {
      "Content-Type": "application/json",
    },
  }).then((response) => {

Flask receives the data as json since it is hit with “Content-Type”: “application/json”.

preflight request is 308 Permanent Redirect in OPTIONS

  • Caused by trailing slash

This page is auto-translated from /nishio/Flask-CORS using DeepL. If you looks something interesting but the auto-translated English is not good enough to understand it, feel free to let me know at @nishio_en. I’m very happy to spread my thought to non-Japanese readers.