I have a Flask app with the following:
app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
@app.after_request
def add_headers(response):
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Headers'] = "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
response.headers['Access-Control-Allow-Methods']= "POST, GET, PUT, DELETE, OPTIONS"
return response
# some stuff
if __name__ == "__main__":
app.run(host="0.0.0.0", port=5000)
But I still get CORS error in the browser. I am running the app on Gitpod. If I set the port to public it works fine, but I shouldn't have to have a publicly available API endpoint just to get this working on the same server.
If using javascript fetch, fetch does not include credentials by default, you should do
fetch("<Your URL>", { credentials: 'include' })