With the Flask-CORS module, you can do cross-domain requests without changing your code.

from flask.ext.cors import CORSapp = Flask(__name__)cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

• https://pypi.python.org/pypi/Flask-Cors
• https://github.com/corydolphin/flask-cors

Update

As Eric suggested, the flask.ext.cors module is now deprecated, you should rather use the following code:

from flask_cors import CORSapp = Flask(__name__)cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

You can use the after_request hook:

@app.after_requestdef after_request(response):    response.headers.add('Access-Control-Allow-Origin', '*')    response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization')    response.headers.add('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE')    return response

I resolved the issue by rewriting my Flask backend to answer with an Access-Control-Allow-Origin header in my PUT response. Furthermore, I created an OPTIONS handler in my Flask app to answer the options method by following what I read in the http RFC.

The return on the PUT method looks like this:

return restful.request.form, 201, {'Access-Control-Allow-Origin': '*'} 

My OPTIONS method handler looks like this:

def options (self):    return {'Allow' : 'PUT' }, 200, \    { 'Access-Control-Allow-Origin': '*', \      'Access-Control-Allow-Methods' : 'PUT,GET' }

@tbicr is right: Flask DOES answer the OPTIONS method automatically for you. However, in my case it wasn't transmitting the Access-Control-Allow-Origin header with that answer, so my browser was getting a reply from the api that seemed to imply that cross-domain requests were not permitted. I overloaded the options request in my case and added the ACAO header, and the browser seemed to be satisfied with that, and followed up OPTIONS with a PUT that also worked.