Implementing CORS for Flask API accessed by Angular and Flutter apps

Question

I'm developing a web application using Flask for the backend and Angular for the frontend, both hosted on the same origin. Additionally, I have a mobile app built with Flutter that will consume APIs from the (same)Flask backend.

1. Current Setup: My Flask backend serves APIs to my Angular frontend, both hosted on the same origin (same domain, protocol, and port). I understand that in this setup, same-origin requests are allowed by default.

2. Flutter App Access: However, I'm unsure about how to handle CORS for requests coming from my Flutter mobile app. Since the Flutter app is running on mobile devices, how does this affect the origin of requests to my Flask backend?

3. CORS Implementation: Do I need to implement CORS handling for requests coming from the Flutter app? If so, what would be the origin of these requests, considering they're from mobile devices? Would the origin differ for iOS and Android devices?

4. Flask-CORS Usage: Should I use the Flask-CORS extension to handle CORS for requests from the Flutter app, even if it's hosted on mobile devices? Or is there a different approach I should take to ensure security while allowing access to my Flask APIs?

5. Best Practices: What are the best practices for implementing CORS in a scenario like mine, where I have multiple frontend clients (Angular and Flutter) accessing the same Flask backend?

I want to ensure that my Flask backend remains secure while allowing my Angular and Flutter apps to communicate with it effectively. Any insights or recommendations on how to handle CORS in this setup would be greatly appreciated. Thank you!