
Background

  • I am running Google App Engine with Python using Flask.
  • I am calling certain web assets in Google Cloud Storage buckets via https://storage.googleapis.com/*

I can verify the Access-Control-Allow-Origin header is being set on the request, as per the evidence below.


Problem

How is it, then, that I still get the following error in my browser (Chrome)?

Font from origin 'https://storage.googleapis.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.

Code

I am using the Flask Snippet "Decorator for the HTTP Access Control", to set origins as below:

@admin_articles_routes.route('/xxx/xxx/xxx-xx')
@crossdomain(origin="*")
@authenticate_admin
def edit_article():

-------- Edit-----------

Curl response
Vinays-MacBook-Pro:App-Engine vinay$ curl -version http://localhost:8080/xxxx/xxxx/xxxx-xxxx?ID=ahlkZXZ-Y2ZjLW1lbGJvdXJuZS13ZWJzaXRlcjbGUYgICAgICAgAoM
*   Trying ::1...
* connect to ::1 port 8080 failed: Connection refused
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /xxx/xxxx/xxxx-xxxxx?ID=ahlkZXZ-Y2ZjLW1lbGJvdXJuZS13ZWJzaXRlcjELEgdBcnRpY2xlIhBBcnRpY2xlR3JhZHBhS2V5DAsSB0FydGljbGUYgICAgICAgAoM HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Referer: rsion
> 
< HTTP/1.1 302 Found
< access-control-max-age: 21600
< location: http://localhost:8080/_ah/login?continue=http%3A//localhost%3A8080/xxxx/xxxxx/xxxx-xxxxx%3FID%3DahlkZXZ-Y2ZjLW1lbGJvdXJuZS13ZWJzbGUYgICAgICAgAoM
< access-control-allow-origin: *
< access-control-allow-methods: HEAD, GET
< content-type: text/html; charset=utf-8
< Cache-Control: no-cache
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Content-Length: 575
< Server: Development/2.0
Vinay Joseph

1 Answer


This is a Community Wiki post of the last answer provided by Greg.

The CORS Access-Control-Allow-Origin header should be returned by the host server that is accepting the request, as it is the server that sets the rules for who can access its own resources.

The CORS OPTIONS preflight headers are to be set by the requester who is making the request, so that it properly identifies itself to the host server.

For more information, you can see this additional Stack Overflow post.

Community
Jordan
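
Added example (not part of the original question or answer, and not any project's own code): a simplified Python model of the browser's CORS check, showing that the font request is judged only on the headers returned by storage.googleapis.com, so the Access-Control-Allow-Origin: * set by the Flask decorator on localhost:8080 plays no part in it. The bucket name, font path and bucket response headers are constructed placeholders.

```python
"""Simplified model of the browser's CORS check for a cross-origin fetch."""
from urllib.parse import urlsplit


def origin_of(url):
    """Return scheme://host[:port], the unit that CORS compares."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def cors_check(page_origin, resource_url, response_headers, with_credentials=False):
    """Decide whether the page may use the response from resource_url.

    Only headers on the response from resource_url are consulted; headers
    sent by the server that delivered the page are never looked at.
    """
    if origin_of(resource_url) == page_origin:
        return True  # same-origin request: no CORS check applies
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}
    allow = headers.get("access-control-allow-origin")
    if allow is None:
        return False  # "No 'Access-Control-Allow-Origin' header is present"
    if with_credentials:
        # The wildcard is not accepted for credentialed requests.
        return (allow == page_origin
                and headers.get("access-control-allow-credentials") == "true")
    return allow == "*" or allow == page_origin


PAGE_ORIGIN = "http://localhost:8080"  # origin named in the browser error

# Placeholder object URL; bucket and path are constructed for this example.
FONT_URL = "https://storage.googleapis.com/example-bucket/fonts/site.woff2"

# Constructed sample: bucket response with no CORS configuration applied.
BUCKET_RESPONSE_NO_CORS = {"Content-Type": "font/woff2"}

# Constructed sample: same object once the bucket allows the page's origin.
BUCKET_RESPONSE_WITH_CORS = {
    "Content-Type": "font/woff2",
    "Access-Control-Allow-Origin": "http://localhost:8080",
}

if __name__ == "__main__":
    for label, hdrs in (("bucket without CORS", BUCKET_RESPONSE_NO_CORS),
                        ("bucket with CORS", BUCKET_RESPONSE_WITH_CORS)):
        verdict = "allowed" if cors_check(PAGE_ORIGIN, FONT_URL, hdrs) else "blocked"
        print(f"{label}: font {verdict}")
```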