The latest articles on DEV Community by Alvooh (@westsidedev). https://dev.to/westsidedev https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1361427%2F01e54a23-ccf6-4280-9fca-6c0efae6b888.jpeg https://dev.to/westsidedev en Alvooh Mon, 10 Mar 2025 02:16:52 +0000 https://dev.to/westsidedev/fixing-cors-issues-in-a-flask-react-app-2ndj https://dev.to/westsidedev/fixing-cors-issues-in-a-flask-react-app-2ndj <p>Cross-Origin Resource Sharing (CORS) issues are a common headache when integrating a Flask backend with a React frontend. If you've encountered errors like:</p> <p>Access to fetch at '<a href="http://localhost:5000/api/data" rel="noopener noreferrer">http://localhost:5000/api/data</a>' from origin '<a href="http://localhost:3000" rel="noopener noreferrer">http://localhost:3000</a>' has been blocked by CORS policy.</p> <p>Then you’re not alone! In this post, I'll walk you through what CORS is, why this happens, and how to fix it.</p> <p>What is CORS?</p> <p>CORS is a security feature implemented by web browsers to prevent unauthorized access to resources from different origins. An "origin" consists of the protocol (http/https), domain, and port. If your React frontend (<a href="http://localhost:3000" rel="noopener noreferrer">http://localhost:3000</a>) tries to fetch data from a Flask backend (<a href="http://localhost:5000" rel="noopener noreferrer">http://localhost:5000</a>), the browser blocks the request unless the server explicitly allows it.</p> <p>How to Fix CORS Issues in Flask</p> <ol> <li>Install Flask-CORS</li> </ol> <p>Flask does not handle CORS by default. To enable it, install the flask-cors package:</p> <p>pip install flask-cors</p> <ol> <li>Enable CORS in Your Flask App</li> </ol> <p>Modify your Flask app to include CORS support:</p> <p>from flask import Flask, jsonify<br> from flask_cors import CORS</p> <p>app = Flask(<strong>name</strong>)<br> CORS(app) # Enables CORS for all routes</p> <p>@app.route("/api/data")<br> def get_data():<br> return jsonify({"message": "CORS is now enabled!"})</p> <p>if <strong>name</strong> == "<strong>main</strong>":<br> app.run(debug=True)</p> <p>This allows requests from any origin. If you want to restrict access, specify allowed origins like this:</p> <p>CORS(app, origins=["<a href="http://localhost:3000%22%5D" rel="noopener noreferrer">http://localhost:3000"]</a>) # Allow only requests from React frontend</p> <ol> <li>Enabling CORS for Specific Routes</li> </ol> <p>If you prefer more control, apply CORS to specific routes:</p> <p>from flask_cors import cross_origin</p> <p>@app.route("/api/data")<br> @cross_origin(origin="<a href="http://localhost:3000%22" rel="noopener noreferrer">http://localhost:3000"</a>)<br> def get_data():<br> return jsonify({"message": "CORS applied to this route only"})</p> <p>Handling CORS on the React Side</p> <ol> <li>Using Proxy in Development</li> </ol> <p>In your React project’s package.json, add:</p> <p>"proxy": "<a href="http://localhost:5000" rel="noopener noreferrer">http://localhost:5000</a>"</p> <p>This tells React to forward API requests to Flask without triggering CORS issues.</p> <ol> <li>Using Fetch with CORS Options</li> </ol> <p>If you’re making API calls manually, include CORS options:</p> <p>fetch("<a href="http://localhost:5000/api/data" rel="noopener noreferrer">http://localhost:5000/api/data</a>", {<br> method: "GET",<br> headers: {<br> "Content-Type": "application/json",<br> },<br> mode: "cors"<br> })<br> .then(response =&gt; response.json())<br> .then(data =&gt; console.log(data))<br> .catch(error =&gt; console.error("Error:", error));</p> <p>Conclusion</p> <p>CORS issues can be frustrating, but they are easy to fix with the right approach. By using Flask-CORS and configuring it correctly, you can ensure smooth communication between your Flask backend and React frontend. If you found this helpful, let me know in the comments or share your own experience with CORS.</p>