Header Access-Control-Allow-Methods not set #310
Comments
We're facing the same issue, the
Something changed (I guess?) but not really sure if it's something that needs fixing here or in the front app...
The preflight queries are automatically handled, and looking at the developer tools in Chrome it looks like the response is not always the same. Our scenario is fairly standard:
preflight response looks good:
But this time the response looks like this:
i.e. the Access-Control-Allow-Methods header is missing. All this happens very quickly, could it be a cache problem? I'm trying to add more logs to debug this, but this is all happening in a blueprint and somehow the logs get lost, will report if I manage this.
OK, got the debug logs activated, and indeed the headers are not sent back:
So sometimes we only get
I tried already above, manually it works as soon as I explicitly set Access-Control-Request-Method. But in real life, I don't really control how the preflight requests are made, that's all browser driven... I get the same problem with Firefox by the way. But now I start to suspect our frontend dev... I need to talk to him and I'll update.
After more investigation and logging, this seems to happen only when flask runs in development mode, where some payload gets somehow injected in the
When running with gunicorn, it works fine. So I'll investigate further; if I can set up a simple case where this breaks, I'll follow up with flask/werkzeug. Thanks for your help, nothing more from my side.
@fatzh Any good news to report :)) ? Ironically, I don't need CORS in production. It's only in dev/debugging mode that CORS is important to have working. I tried to set the header manually with the origin '*'... nothing seems to get the Response to include the header.

    # postgrest_request is a helper from the poster's own app (not shown)
    @projects_blueprint.route("/v1/projects/<id>", methods=['GET', 'POST', 'PATCH', 'DELETE'])  # noqa: E501
    def projects(id):
        response = postgrest_request("get", "http://restapi:3000/projects")
        return response.text, response.status_code

Note: I have
I used the simple usage example from the docs:
I used

    curl -X "OPTIONS" -I http://127.0.0.1:5000/

to check the headers and received the following output:
For my understanding the Access-Control-Allow-Methods header is missing.
I changed CORS(app) to CORS(app, methods=["GET"]). Still the same result.
My requirements.txt looks like this:
This causes the OPTIONS preflight check in our apps to fail. Are we doing something wrong or is this an issue?