Add support for CORS preflight OPTIONS requests (#2006) #2281
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
foxfire52
changed the title
# Review for Pull Request: Add support for CORS preflight OPTIONS requests (#2006)
Hi there!
Thank you for contributing to the project! Your implementation of CORS support through the `FastAPI CORSMiddleware` is a great step forward in addressing the CORS issues raised in issue #2006.
## What I Liked
- **Clear Problem Statement**: You effectively outlined the issue with CORS and its impact on local hosted browser apps. This context is helpful for reviewers and future contributors.
- **Proposed Solution**: Using `allow_origin_regex=".*"` is a smart approach to handle the preflight requests while allowing necessary credentials. This solution directly addresses the challenge mentioned in the problem statement.
- **Well-Structured Code**: The diff is clean and easy to follow, making it straightforward to understand the changes you've made.
## Suggestions for Improvement
- **Documentation**: Consider adding a brief comment above the middleware configuration to explain the rationale for using `allow_origin_regex=".*"` as opposed to listing specific origins. This could help future maintainers understand the choice quickly.
- **Tests**: If possible, it would be beneficial to include some tests that verify the CORS behavior, particularly for OPTIONS requests. This will ensure that the functionality works as intended and will help catch any regressions in the future.
Overall, this is a valuable contribution that will enhance the usability of the API for many developers. Thank you once again for your work!
Best,
g4f copilot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue
Interference API server doesn't support CORS protocol, so it can't handle OPTIONS preflight requests.
Issue #2006 shows a failed fetch request from browser and suggests a possible solution.
This feature is needed because local hosted browser apps can't call the API server, failing with CORS error mentioned in #2006.
Proposed Solution
Implement FastAPI CORSMiddleware handler.
Info: According to FastAPI documentation, if allow_origins is set to ['*'], credentials (Cookies, Authorization headers...) are not allowed, so origins must be specified to comply with fetch() Browser standard.
So I follow this alternative solution Puzzling error with FastAPI's CORS middleware - StackOverflow
and use allow_origin_regex=".*" instead, which sets a correct Access-Control-Allow-Origin header.