New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using flask-cors with flask-restful and @before_request decorator for jwt auth #201
Comments
Any help with this would be much appreciated. Thanks! |
Hey @gwvt can you post the (non secret) details of the config file? If I have a fully working example, I will look at this tonight. Sorry for the delay! |
Great, thanks so much!
Let me know if you need any other info. |
Or here's a complete self-contained application:
Same thing, getting 'Response to preflight request doesn't pass access control check' error message when the api is called from localhost:8080, sending a request to endpoint '/test' with header 'Authorization: Bearer 12345678'. |
Sorry for the delay, I finally got a chance to look at this properly. It looks like the issue is with your origin header. What is the 'Origin' you are sending the CORS request from? Your configuration will only allow browsers to issue a CORS request from "http://127.0.0.1:8080" to your flask-cors app (running by default on localhost:5000). Example:
But, if instead your browser is pointing to something even slightly different, e.g. localhost:8080 (which would resolve to the same thing on your machine), the browser will see the issue you are reporting. The browser will issue a command similar to this, and receive a non-cors response:
Does that make sense? Sorry for the delay again! |
Thank you very much for your reply. That's my mistake in the code specifying host of origin, but that actually isn't the issue. With curl sending a normal GET request, everything works, but the issue is with the preflight request sent by the browser via the OPTIONS method with headers. I tried both with Flask-Restful as well as a standard Flask application, with the same results (see below for code). The endpoints without the before_request decorator that checks the JWT token work as expected, but sending a request to the '/test' endpoint with the before_request decorator returns this error message in Chrome:
The response body is:
The headers for the request and response are:
Is there something I'm missing is setting up CORS with the before_request decorator? Code for self-contained application, Flask-Restful:
And the equivalent plain Flask application:
|
This looks to be an application issue, |
Right. The test_headers() function assigns the value of the Authorization header to auth_header, while the test() function that is 'protected' by the before_request decorator and authorize_token function does not. I figured out that the problem was that the authorize_token function requires a test to run the function only on the passed GET method, not the preflight request, so this now works:
|
I've encountered same problem and this page helps a lot.Thx! |
You are my savior @gwvt . Thank you very much |
for what was the purpose of |
I'm trying to use flask-cors for the development configuration for a flask-restful api, simplified below:
But whatever I try I always get the error 'Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.'
Without the JWT auth piece, everything else works fine. (And the JWT auth works fine without flask-cors.) Seems like the hangup is something with using flask-cors with the before_request decorator (?).
Any suggestions?
The text was updated successfully, but these errors were encountered: