Falcon CORS middleware does not work properly

Question

I'm using Falcon CORS to allow access to my web service only from several domains. But it does not work properly.

Let me explain, if we take a look at my implementation:

ALLOWED_ORIGINS = ['*']
crossdomain_origin = CORS(allow_origins_list=[ALLOWED_ORIGINS], log_level='DEBUG')

app = falcon.API(middleware=[RequireJSON(), JSONTranslator(), cors.middleware])

When I make any post request to my API service, I get this warning:

Aborting response due to origin not allowed

But, then I get the correct response from my API.
Here is an official docs about this module: https://github.com/lwcolton/falcon-cors

Answer 1

Your code does not match the falcon-cors documentation's example:

import falcon
from falcon_cors import CORS    
cors = CORS(allow_origins_list=['http://test.com:8080'])    
api = falcon.API(middleware=[cors.middleware])
#                            ^^^^^^^^^^^^^^^

Note the cors.middleware variable is being passed into the api call. In your code you are creating crossdomain_origin but not passing it into the API setup.

If this does not solve it, please provide a working code example, including the Falcon resource classes, that is easy to test and reproduce, and I'm happy to try to assist.

edit:

From comments below, it sounds like falcon-cors is working properly, rather the problem may be origin header was being omitted from the request.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

The Origin header indicates the origin of the cross-site access request or preflight request.

Answer 2

I tried as guided by lwcolton on github here

And also set allow_all_headers=True, allow_all_methods=True

i.e. same as @Ryan comment

from falcon_cors import CORS

cors = CORS(
    allow_all_origins=True,
    allow_all_headers=True,
    allow_all_methods=True,
)

api = falcon.API(middleware=[cors.middleware])