To me it seems like you're doing double duty. You're using the CORS module, but you're also manually adding the headers with the @after_request decorator. I am not 100% if that's causing the issue, but you can try disabling the CORS module and just (only) add them manually

to be exact, comment out this line:

CORS(app, resources={r"*": {"origins": "*"}})

you also wont need this if it works

from flask_cors import CORS  # Import CORS

also, maybe unrelated, but this seems a little weird to me:

@app.route('/api/parse-resume', methods=['OPTIONS'])
def options():
    return jsonify({'status': 'ok'})

OPTIONS requests are automatic preflight requests, I don't see why you're handling them with an actual route. I wouldn't rely to check if your api works based on this route, probably just remove it entirely - or maybe you meant to use a GET method instead?