FastAPI: CORS Middleware not working with GET method

Question

I try to use CORS on the FastAPi framework but it dose not working with GET method

Here's the code I'm working on:


from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

app.add_middleware(
    CORSMiddleware,
    allow_origins=['*'],
    allow_methods=["*"],
    allow_headers=["*"],
)


@app.get("/test1")
async def test1():
    return {"message": "Hello World"}

@l.b.vasoya Here is the response header: content-length: 25 content-type: application/json date: Tue,08 Dec 2020 08:02:07 GMT server: uvicorn — Mohammad FaRis, Dec 08 '20 at 08:03
I think you have to mention which method is you want to allow you need to specify all method except `get` in `allow_methods=["*"]` like `allow_methods=["POST","PUT","DELETE"],` etc — l.b.vasoya, Dec 08 '20 at 08:19
my question is CROS is working fine with all method except GET ... so why i should except it .? @l.b.vasoya — Mohammad FaRis, Dec 08 '20 at 08:31
Please include the request/response headers and the error message if there are any. — Daniel W., Feb 17 '23 at 11:31

score 11 · Answer 1 · edited Feb 22 '22 at 11:07

11

I had the same issue and the solution is to not use add_middelware but do the following:

First import from Starlette:

from starlette.middleware import Middleware
from starlette.middleware.cors import CORSMiddleware

Create the middleware:

middleware = [
    Middleware(
        CORSMiddleware,
        allow_origins=['*'],
        allow_credentials=True,
        allow_methods=['*'],
        allow_headers=['*']
    )
]

and then:

app = FastAPI(middleware=middleware)

This should work

edited Feb 22 '22 at 11:07

DollarAkshay

2,063
1
21
39

answered Feb 01 '21 at 14:55

Sam_Ste

334
2
16

Honestly, not working for me! – Bhavesh Achhada Dec 28 '22 at 06:50
Yeap, works for me too. For some reason that `add_middleware` method does not work. – tteguayco Jul 26 '23 at 11:33

Herc53 · Answer 2 · 2023-02-17T11:19:58.193

When testing, make sure you add Origin header to your request. Otherwise CORSMiddleware will not send back the cors headers.

It may not be clear at first, but it is written here in the documentation:

Simple requests

Any request with an Origin header. In this case the middleware will pass the request through as normal, but will include appropriate CORS headers on the response.

So any request without an Origin will be ignored by CORSMiddleware and no CORS headers will be added.

score 3 · Answer 3 · answered Apr 13 '21 at 16:43

Thanks @Sam_Ste, I had the same problem! I set my imports back to FastAPI and it still works. I think they are just proxies for the starlette modules (IMHO). The method is the vital thing, not using app_middleware.

from fastapi.middleware import Middleware
from fastapi.middleware.cors import CORSMiddleware

score 1 · Answer 4 · answered Dec 28 '22 at 11:41

For me, none of the above mentioned ideas worked. I had to create a custom middleware like this.

@app.middleware("http")
async def cors_handler(request: Request, call_next):
    response: Response = await call_next(request)
    response.headers['Access-Control-Allow-Credentials'] = 'true'
    response.headers['Access-Control-Allow-Origin'] = os.environ.get('allowedOrigins')
    response.headers['Access-Control-Allow-Methods'] = '*'
    response.headers['Access-Control-Allow-Headers'] = '*'
    return response

FastAPI: CORS Middleware not working with GET method

4 Answers4

Linked