flask-cors authenticated requests with current_user #220
Description
I have added after creating flask app instance
CORS(app, supports_credentials=True)
for login and checking authentication I am using
@app.route('/check_auth', methods=['GET'])
def check_auth():
if current_user.is_authenticated:
return success({ "message": 'Logged in', "user": current_user.obj_to_dict() })
return error('Not logged in', status_code=403)
@app.route('/login', methods=['POST'])
def login():
"""Login Form"""
username = request.json['username']
password = request.json['password']
data = User.query.filter_by(username=username).first()
if data and bcrypt.check_password_hash(data.password, password.encode('utf-8')):
login_user(data)
dataDict = data.obj_to_dict(skip_columns=['password'])
return success({ "message": 'successful', "data": dataDict })
else:
return error('Wrong username or password', status_code=403)
current_user.is_authenticated results false. But works perfectly fine in postman. Also if I remove CORS and try current_user.is_authenticated it works. So I'm sure issue is related with CORS.
Many similar issues are already present. Looking through them suggests that session problem is solved by using supports_credentials=True but current_user returns anonymous for me even after setting this argument