Axios post request is being denied by flask made api. CORS error coming up

Question

I am trying to add user from my react application through an API made with flask. But the post request is getting in error with the following error.

'http://localhost:5000/api/v1.0/add' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.

my axios code is following

const params = { 
        user_name  : '5678234121',
        passwd    : 'password',
        location   : 'Kolkata',
        pin_code   : '700019',
        secret_ques: 'What is your mother s maiden name?',
        answr       : 'aba',
        status      : 'Active',
        remarks    : 'test data'
     };

  const res = await Axios.post(
    'http://localhost:5000/api/v1.0/add', params, {  
    headers: {
      'content-type': 'application/json',
      'Access-Control-Allow-Origin' : '*',
      'Access-Control-Allow-Methods' : 'GET,PUT,POST,DELETE,PATCH,OPTIONS',
   },
  });

  console.log(res.data);

my flask code is following

@app.route('/api/v1.0/add', methods=["POST"])

def add():
   con = None
   db = datadir + datafile
   try:
      _json   = request.json
      _name   = _json['user_name']
      _psswd  = _json['passwd']
      _locatn = _json['location']
      _pincd  = _json['pin_code']
      _secrt  = _json['secret_ques']
      _ans    = _json['answr']
      _stat   = _json['status']
      _remks  = _json['remarks']

        # validate the received values
  if _name and _psswd and _pincd and request.method == 'POST':
        #do not save password as a plain text
     _hashed_password = base64.b64encode(_psswd.encode("utf-8"))
        # save edits
     sql = '''INSERT INTO user_mast(user_name, passwd, location, pin_code, secret_ques, answr, status, remarks ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)'''
     data = (_name, _hashed_password.decode('ASCII'), _locatn, _pincd, _secrt,_ans, _stat, _remks , )

     con = sqlite3.connect( db )            # Connection to database
     cur = con.cursor()
     cur.execute(sql, data)
     con.commit()
     resp = jsonify({'Status' : 'User added successfully!'})
     resp.status_code = 200
  else :
     resp =  jsonify ({'Status' :'Mandatory fields: Name,Password,Pincode missing..'})
     resp.status_code = 502


except sqlite3.Error as e:
      resp = jsonify({'Status' :'Database Error'})
      resp.status_code = 500


except Exception as e:
      print(e)
      resp = jsonify({'Status' :'Unknown Error : Contact Administrator'})
      resp.status_code = 501
   finally:
      cur.close() 
      con.close()
   return resp

Please help me to fix the error, going clueless about this.

Answer 1

If you're new to this, I'd recommend just adding Flask-CORS to your application and not futzing around with the headers.