This article shows how to support cross-origin requests in a Flask app when you DO NOT want an extension like Flask-CORS.
from flask import Flask
app = Flask(__name__)
@app.after_request
def set_cors(resp):
resp.headers["Access-Control-Allow-Origin"] = "*"
resp.headers["Access-Control-Allow-Methods"] = "*"
resp.headers["Access-Control-Allow-Headers"] = "*"
resp.headers["Access-Control-Max-Age"] = "600" # 600 seconds
return resp
You may tune the response headers as needed.