I am trying to enable CORS in FastAPI on my localhost with credentials enabled. According to the docs we must explicitly set allow_origins in this case:
from fastapi import FastAPIfrom fastapi.middleware.cors import CORSMiddleware, Responseapp = FastAPI()app.add_middleware( CORSMiddleware, allow_origins=['http://localhost:8000'], allow_credentials=True, allow_methods=['*'], allow_headers=['*'])@app.get('/')def main(): return Response('OK', status_code=200)However, when making a request it does fail with
CORS Missing Allow Origin [Quellübergreifende (Cross-Origin) Anfrageblockiert: Die Gleiche-Quelle-Regel verbietet das Lesen der externenRessource auf http://[::1]:8000/create_session/none. (Grund:CORS-Kopfzeile 'Access-Control-Allow-Origin' fehlt). Statuscode: 200.]
const response = await fetch('http://localhost:8000/', {credentials: "include"});The client is Firefox with a local file (file://.../main.html) opened.
I already tried all solutions from How can I enable CORS in FastAPI?. What's wrong?
Edit:My question is not a duplicate of How to access FastAPI backend from a different machine/IP on the same local network?, because the server and the client are on the same (local)host. Nevertheless I tried setting the suggested --host 0.0.0.0 and the error remains the same.
Also it's not a duplicate of FastAPI is not returning cookies to React frontend, because it suggests setting the CORS origin in the same way as the official docs, which does not work as I described above.