Access to fetch at 'http://127.0.0.1:5000/account/summary' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

[JacobDel]

Python: 3.9
Works sometimes with flask-cors 4.0.0
Works always with flask-cors 3.0.10

app = Flask(__name__)
CORS(app=app, resources={r"*": {"origins": "*"}})
logging.debug('CORS initialised')

[terrynguyen255]

I've encountered the same issue with flask-cors==3.0.10.

The issue appears once after a while then vanishes after minutes/hours, then appears again without no changes, no deployment at my server.

The issue cannot be bypassed by disabling security check in Chrome browser:

• launching Chrome with security off: google-chrome --disable-web-security
• installing Chome extension to skip CORS check: https://chrome.google.com/webstore/detail/allow-cors-access-control/lhobafahddgcelffkeicbaginigeejlf

I will update this comment if I can figure it out.

[rajbirjohar]

@terrynguyen255 did you ever figure this out?

Edit:
Decided this package was terrible and came up with my own solution.

def add_cors_headers(response):
    response.headers['Access-Control-Allow-Origin'] = FRONTEND_URL  # Adjust as needed
    response.headers['Access-Control-Allow-Credentials'] = 'true'
    response.headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization'
    response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
    return response
    
###

@app.after_request
def after_request(response):
    return add_cors_headers(response)

# Handles preflight requests
@app.route('/', defaults={'path': ''}, methods=['OPTIONS'])
@app.route('/<path:path>', methods=['OPTIONS'])
def options_preflight(path):
    return add_cors_headers(make_response())