I am running an elm frontend via elm-reactor on localhost:8000. It is supposed to load json files from a falcon backend running via gunicorn on localhost:8010. This fails.
The frontend is able to load static dummy files served by elm-reactor (:8000) but when I try to replace the dummies by the actual backend (:8010) it fails due to a missing header:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8010/api/sheets. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
The error message from the Firefox Inspector seems reasonably clear, but I'm at a loss how to fix that. I already installed a CORS middleware in falcon, but that didn't improve the situation at all.
from falcon_cors import CORS
cors = CORS(allow_origins_list=['*'])
api = falcon.API(middleware=[cors.middleware])
I did also try to use the origins 'localhost:8000' and 'localhost' but neither works.
Any idea how to fix this?
It turns out that falcon_cors offers allow_all_origins=True as a parameter. This fixes my problem, but isn't a perfect solution.
When using POST requests as well allow_all_methods=True should be set as well.