Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[BUG] Unable to set CORS headers
See original GitHub issueDescribe the bug
Attempting to add CORS headers does not work.
To Reproduce There are two ways to add the CORS headers- using the Starlette CORS middleware, or by manually adding headers. Neither work.
from fastapi import FastAPI
from starlette.middleware.cors import CORSMiddleware
app = FastAPI()
app.add_middleware(CORSMiddleware, allow_origins=['*'])
@app.get('/ping', content_type=UJSONResponse)
def health_check():
return UJSONResponse({'status': 'ok'}, headers={'Access-Control-Allow-Origin': '*'})
It looks like the middleware is just completely ignored, and the headers defined in the routes don’t work when the “OPTIONS” verb is used.
Expected behavior The CORS headers should be set.
Environment:
Tested with tiangolo/uvicorn-gunicorn-fastapi:python3.6.
Issue Analytics
- State:
- Created 4 years ago
- Comments:8 (2 by maintainers)
Top Results From Across the Web
3 Ways to Fix the CORS Error — and How the Access-Control ...
Fix one: install the Allow-Control-Allow-Origin plugin. The quickest fix you can make is to install the moesif CORS extension .
Read more >CORS errors - HTTP - MDN Web Docs - Mozilla
If the CORS configuration isn't setup correctly, the browser console will present an error like "Cross-Origin Request Blocked: The Same Origin ...
Read more >Bug related to CORS - No Access Control Allow Origin
It's not certain, but it seems likely that CORS headers aren't being included because the request is actually returning some other kind of...
Read more >Resolved - Unable to change CORS header - Plesk Forum
add_header 'Access-Control-Allow-Origin' 'https://example.com'; Then I moved / renamed my domain from example.com to example2.com and had to ...
Read more >Dealing with image CORS error in Chrome, Chromium and ...
Setting crossOrigin="anonymous" makes the browser add an Origin header on the request, that's all. The problem here is that AWS S3 chooses to ......
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@CoderCharm, we ran into this issue a while back it is due to CORS policies: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials
If the request sends credentials then you are not allowed any origin (i.e
allow_origins=['*']) and the origin must be ‘reflected’ back by the Middleware dynamically (Which is what the regex does):https://github.com/encode/starlette/blob/93878323e57e0bab92b4622849c67f5a7c96b24e/starlette/middleware/cors.py#L107
Aha! Hehe great.