install all dependencies
Why cros is used in backend or to fetch data from backend using frontend with two different port
install all dependencies
npm i
=====================or========================
npm install
=====================or==============
To run react project
npm start
install specific packages
npm i package1 package2
Why cros is used in backend
CORS (Cross-Origin Resource Sharing) is used in the backend to control how resources are accessed by frontends or applications running on different origins. It’s an essential security feature implemented in browsers to protect users, but it can also introduce challenges when building applications with separate frontend and backend services.
Why CORS is Needed in the Backend
`When a frontend application`
(e.g., a React app running on localhost:3000) `needs
to fetch data or interact with a backend API`
(e.g., Flask backend on localhost:5000)
Browser Security Policy (Same-Origin Policy):
By default, browsers enforce a Same-Origin Policy to prevent malicious websites from making unauthorized requests to other servers. The policy allows a frontend application to access resources only if the frontend and backend share the same origin (scheme, domain, and port).
Example:
Frontend origin: http://localhost:3000
Backend origin: http://localhost:5000
The request is blocked because the origins differ.
Enable Cross-Origin Requests:
When a frontend application
(e.g., a React app running on localhost:3000) needs to fetch data or interact with a backend API
(e.g., Flask backend on localhost:5000), CORS headers must be explicitly enabled on the backend to allow such requests.
Custom Headers or Methods:
If your frontend makes requests with custom headers (e.g., Authorization) or HTTP methods (e.g., PUT, DELETE), the browser sends a preflight request (an OPTIONS request) to ensure the server allows these headers or methods.
The backend must handle and respond to these requests with appropriate CORS headers.
What CORS Does
CORS specifies how servers can declare which clients (origins) are allowed to access their resources. It works by setting HTTP headers in the backend's responses.
Key headers include:
Access-Control-Allow-Origin: Specifies which origins are allowed to access the resource. For example:
Access-Control-Allow-Origin: * (Allows any origin)
Access-Control-Allow-Origin: http://localhost:3000 (Allows only the specified origin)
Access-Control-Allow-Methods: Specifies which HTTP methods are allowed (e.g., GET, POST, PUT).
Access-Control-Allow-Headers: Specifies which custom headers (e.g., Authorization) the client is allowed to use in requests.
Access-Control-Allow-Credentials: Allows credentials (e.g., cookies, Authorization headers) to be sent with requests.
from flask import Flask
from flask_cors import CORS # Import CORS
from config import Config # Import configuration class
from extensions import db # Import the database instance
from views import main # Import the main
blueprint
from flask_cors import CORS
app = Flask(__name__)
CORS(app) # Enable CORS for all routes
_init_.py
def create_app():
"""Application Factory Pattern"""
# Create a Flask app instance
app = Flask(__name__)
# Load configuration from Config class
app.config.from_object(Config)
# Initialize extensions
db.init_app(app)
# Enable CORS for the app
CORS(app)
# Register blueprints
app.register_blueprint(main) # Register `main` blueprint
return app
Top comments (0)