0

I am now building a web application using a SolidJS frontend (http://localhost:3000) and FastAPI backend (http://localhost:8000).

However, due to the CORS issue, I cannot get the result at all even if the backend server sends response with status code 200.

Here is the following code for frontend.

...
axios({
  method: 'post',
  url: 'http://localhost:8000/login',
  headers: { Accept: 'application/json' },
  params: {
    token: 'RANDOM_TOKEN_VALUE',
  },
}).then((response) => {
  console.log(response)
});
...

And here is the code for backend.

app = FastAPI()

origins = [
    'http://localhost:3000'
]


app.add_middleware(
    CORSMiddleware,
    allow_origins=origins,
    allow_credentials=True,
    allow_methods=['*'],
    allow_headers=['*'],
)


app.include_router(users.router)

...

@router.post('/login', response_model=CustomModel)
async def login(token, request: Request = None):
    ...

    return response

When I check the developer tools in Chrome browser, the backend sent the correct response with status code 200, but it is blocked due to CORS policy. However, I allowed the frontend host in the FastAPI setting, I don't know what to do.

I also share the raw request and response header in the Chrome browser.

Request header:

POST /login?token=RANDOM_TOKEN_VALUE HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: ko,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Content-Length: 0
DNT: 1
Host: localhost:8000
Origin: http://localhost:3000
Referer: http://localhost:3000/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"

Response header:

HTTP/1.1 200 OK
date: Wed, 23 Aug 2023 07:54:47 GMT
server: uvicorn
content-length: 184
content-type: application/json
access-control-allow-credentials: true

Since the backend server sends the correct response, I tried to add several options to the Axios function, but none of them worked.

  1. I tried to add "crossDomain: true" in the request header, but it does not work.
  2. I tried to add "Access-Control-Allow-Origin" in the request header, but it does not work.
  3. I tried to add both "withCredentials: true" and withCredentials: false" for the Axios, but none of them worked.
snnsnn
  • 10,486
  • 4
  • 39
  • 44
S. Yong
  • 79
  • 1
  • 5
  • With an additional try, I found out that the CORS config of FastAPI is the problem. When I add '*' in origins, it works. I am now trying to find out why FastAPI does not allow the specified origins. – S. Yong Aug 23 '23 at 08:56
  • Does [this](https://stackoverflow.com/a/73963905/17865804) answer your question? – Chris Aug 23 '23 at 10:02
  • Related answers that you might find helpful can be found [here](https://stackoverflow.com/a/71805329/17865804), [here](https://stackoverflow.com/a/75041731/17865804), as well as [here](https://stackoverflow.com/a/76768156/17865804) and [here](https://stackoverflow.com/a/75048778/17865804) – Chris Aug 23 '23 at 10:04
  • Sorry, but I think it's different. The issue is not related to cookie. – S. Yong Aug 23 '23 at 10:45
  • according to this https://stackoverflow.com/a/75041731/8607640 shared by @Chris You need to add both frontend (:3000) and backend (:8000) origin to origins array – Farhan Ibn Wahid Aug 23 '23 at 11:01
  • Thanks for your advice, but it does not solve the error though. – S. Yong Aug 23 '23 at 11:43
  • @FarhanIbnWahid The backend origin never needs to be listed as an allowed origin in the CORS configuration. – jub0bs Aug 23 '23 at 16:13

0 Answers0