1

My frontend (Expo Go web) is running at http://localhost:19006/ but when it receives a response from the backend, it somehow believes it runs under https://localhost:19006/

Also, the iOS version of Expo Go logs the following error:

LOG [AxiosError: Network Error]

I'm using Flask in the backend with CORS set as follows:

app = Flask(__name__)
app.config['DEBUG'] = True
app.config['CORS_HEADERS'] = 'Content-Type'
app.config['SECRET_KEY'] = os.environ.get("SECRET_KEY", 'xxx')

cors = CORS(app, resources={r"/*": {"origins": "*", "allow_headers": "*", "expose_headers": "*", "Access-Control-Allow-Origin": "*"}})

and a simple return function:

@app.route("/matches", methods=["GET"])
def getMatches():
    print('request for matches')
    response = matches.getMatches()
    return response


if __name__ == '__main__':
    app.run(ssl_context=('certs/cert.pem', 'certs/key.pem'))

My frontend part is using react native with Expo Go. The query to the backend is done this way:

export default function App() {

   const axiosApiCall = () => {

    const config = {
      headers:{
        'origin': 'https://localhost:19006' #<- Here also tried http but no change
      }
    };

 axios
  .get("https://127.0.0.1:5000/matches", config)
  .then((response) => {

      setState({quote : 'yes'});
      console.log(response.data);
    })
    .catch((error) => {
      console.log(error);
    })
}

The backend works properly fine as I can see in Postman. The result is technically showing up in the response of the web-version of Expo Go, however, it appears that there's an issue with CORS:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://127.0.0.1:5000/matches. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘https://localhost:19006’).

And here's the response header:

HTTP/1.1 200 OK

Server: Werkzeug/2.2.2 Python/3.9.16

Date: Thu, 05 Jan 2023 10:16:42 GMT

Content-Type: application/json

Content-Length: 274552

Access-Control-Allow-Origin: http://localhost:19006

Access-Control-Expose-Headers: *

Vary: Origin

Connection: close

GET /matches HTTP/1.1

Host: 127.0.0.1:5000

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:108.0) Gecko/20100101 Firefox/108.0

Accept: application/json, text/plain, */*

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate, br

Origin: http://localhost:19006

DNT: 1

Connection: keep-alive

Referer: http://localhost:19006/

Sec-Fetch-Dest: empty

Sec-Fetch-Mode: cors

Sec-Fetch-Site: cross-site

Sec-GPC: 1

Anyone any idea? Thanks!!!

Hardcoding the CORS origins: no change

Changing the query from axios to async fetch calls: no change

Including/modifying the header in the axios config: no change

Other browsers: no change

Deactivating SSL in the backend: caused other problems related to react native

oguz ismail
  • 1
  • 16
  • 47
  • 69
Patrick
  • 21
  • 3
  • 1
    `127.0.0.1` and `localhost` are two different domains (and hence, origins). Please have a look at [this answer](https://stackoverflow.com/a/74106637/17865804) and [this answer](https://stackoverflow.com/a/74407063/17865804), as well as [this](https://stackoverflow.com/a/73963905/17865804) and [this](https://stackoverflow.com/a/71805329/17865804). Although the above answers provide examples using the FastAPI framework, they also provide important information around the issue you are facing, which you might find helpful. – Chris Jan 09 '23 at 12:04
  • You cannot manually set the `origin` request header. It will be overwritten by the client – Phil Jan 13 '23 at 05:58

0 Answers0