js fetch error: blocked by CORS policy : Forums : PythonAnywhere

js fetch error: blocked by CORS policy

Hi, I am trying to get the file list of mysite use javascript fetch

var url = api_base + "files/path/home/" + username + "/mysite/" 
fetch(url, {
headers: { 
  'Authorization': 'Token '+api_token
 },
method: 'GET', 
})
.then(response => {console.log(response)})

It gives me CORS error: Access to fetch at 'https://www.pythonanywhere.com/api/v0/user/shihm714/files/path/home/shihm714/mysite/' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

If I run a similar request in Python, it works totally fine. What's the mistake in my js code and settings? Please help me, thank you!

deleted-user-8290749 | 4 posts | Sept. 18, 2020, 1:12 p.m. | permalink

The browser is blocking those requests because we do not provide CORS headers from our API, so it cannot be used from a browser. It would be a huge security issue if we allowed browsers to access the API.

glenn | 9498 posts | PythonAnywhere staff | Sept. 18, 2020, 2:37 p.m. | permalink

Thank you for your reply! So I cannot use a flask app as a webpage backend?

deleted-user-8290749 | 4 posts | Sept. 18, 2020, 2:41 p.m. | permalink

Sure you can. As long as you set the CORS headers correctly in the Flask app.

glenn | 9498 posts | PythonAnywhere staff | Sept. 18, 2020, 3:12 p.m. | permalink

I want to download a generated file from mysite files use web request, is that possible?

deleted-user-8290749 | 4 posts | Sept. 18, 2020, 3:19 p.m. | permalink

Sure. You'd just need to serve the file from your web app (most frameworks will have a way to serve a file) and make sure that the view that serves the file sets the CORS headers correctly.

glenn | 9498 posts | PythonAnywhere staff | Sept. 18, 2020, 4:25 p.m. | permalink

I tried flask-cors but it dosen't work. Will you please give me an example of how to set it? Thank you so much!

deleted-user-8290749 | 4 posts | Sept. 20, 2020, 6:51 p.m. | permalink

The documentation for Flask-CORS is going to be much better at explaining what you need to do than I am.

glenn | 9498 posts | PythonAnywhere staff | Sept. 20, 2020, 7:21 p.m. | permalink

I have the same issue. I have enabled password protection to my site under development with username and password in the pythonanywhere webApp. I am getting preflight CORS error during authorization. I am able to access the site if I disable the password. Looks like I cannot get around the CORS error as you don't support CORS from your API. Please confirm.

krishvani | 2 posts | Oct. 7, 2022, 12:40 a.m. | permalink

@krishvani Send us more details to support@pythonanywhere.com

fjl | 4352 posts | PythonAnywhere staff | Oct. 7, 2022, 3:53 p.m. | permalink