Thursday, 31 January 2019

Flask-sentinel /oauth/token endpoint CORS issue

I'm having issues trying to get a token from my flask-sentinel app with my front-end.

To make the AJAX requests from my front-end to my Python Eve API server I use the superagent module.

While using a Basic Authentication I don't have any issue getting data from my endpoints. See code below:

superagent
    .get( 'http://192.168.1.x:5000/endpoint' )
    .auth( this.params.username, this.params.password )
    .on( 'error', this.onError )
    .then( this.onSuccess );

If I try to request a token to the /oauth/token endpoint with this code:

superagent
    .post( 'http://192.168.1.x:5000/oauth/token' )
    .set( 'Content-Type', 'application/x-www-form-urlencoded' )
    .send( 'grant_type=password&client_id='+this.params.client_id+'&username='+this.params.username+'&password='+this.params.password )
    .on( 'error', this.onError )
    .then( this.onTokenReceived );

I get a CORS error:

Access to XMLHttpRequest at 'http://192.168.1.x:5000/oauth/token' from origin 'http://192.168.1.y:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Here are the settings of my application (omitting the database and domain settings):

SENTINEL_X_DOMAINS           = ['http://192.168.1.y:3000']
SENTINEL_X_HEADERS           = ['Authorization','Content-type','If-Match','Access-Control-Allow-Origin']
SENTINEL_X_EXPOSE_HEADERS    = SENTINEL_X_HEADERS
SENTINEL_RESOURCE_METHODS    = ['GET','HEAD','PUT','PATCH','POST','DELETE','OPTIONS']
SENTINEL_PUBLIC_METHODS      = SENTINEL_RESOURCE_METHODS
SENTINEL_X_ALLOW_CREDENTIALS = True

X_DOMAINS           = ['http://192.168.1.y:3000']
X_ALLOW_CREDENTIALS = True
X_HEADERS           = ['Authorization','Content-type','If-Match','Access-Control-Allow-Origin']
RESOURCE_METHODS    = ['GET','HEAD','PUT','PATCH','POST','DELETE','OPTIONS']

Can you please guide me in getting what I'm doing wrong?

Thank you in advance!



from Flask-sentinel /oauth/token endpoint CORS issue

No comments:

Post a Comment