Flask-sentinel /oauth/token endpoint CORS issue
It's possible that because the content-type is not text/plain, the browser is issuing an OPTIONS request. and as stated in the console error the response does not set the 'Access-Control-Allow-Origin' header.
From looking at Eve's docs, it seems you need to set the X_EXPOSE_HEADERS variable with ['Access-Control-Allow-Origin'] that:
"Allows API maintainers to specify which headers are exposed within a CORS response. Allowed values are: None or a list of headers names. Defaults to None."
The browser expects to receive the 'Access-Control-Allow-Origin', thus the failure.Try to allow this header in the response from the API
I have sorted out how to fix this though I am not completely satisfied.
Here the steps I've followed:
- I have forked the Flask Sentinel repository
- I have installed Flas-CORS with Pip
- I have edited the
flask_sentinel/flask_sentinel.py
file by importing flask_cors - Before this line I've inserted this piece of code:
CORS(app, origins=['http://192.168.1.y:3000','https://192.168.1.y:3000'])
- I went back to my Eve project and installed Flask-Sentinel through my forked repository with Pip instead of the original one