Comments (13)
@jacebrowning I think you are going about this the wrong way. I would not be setting CORS_AUTOMATIC_OPTIONS = False
, I do not think that is the functionality you are looking at.
Take a look here about the Access-Control-Request-Method header.
The Access-Control-Request-Method request header is used by browsers when issuing a preflight request, to let the server know which HTTP method will be used when the actual request is made. This header is necessary as the preflight request is always an OPTIONS and doesn't use the same method as the actual request.
Your browser will always send this. If you truly want to mimic a preflight request in curl
, you should include it.
from sanic import Request, Sanic
app = Sanic(__name__)
app.config.CORS_ORIGINS = "*"
@app.get("/")
async def handler(request: Request):
...
app.run(port=9999)
▶ curl localhost:9999 -i -X OPTIONS -H "access-control-request-method: GET" -H "Origin: http://localhost:9999"
HTTP/1.1 204 No Content
allow: GET,HEAD,OPTIONS
access-control-allow-origin: http://localhost:9999
access-control-max-age: 5
access-control-allow-headers: *
access-control-allow-methods: GET,HEAD,OPTIONS
connection: keep-alive
If instead you issue the request without that header:
▶ curl localhost:9999 -i -X OPTIONS -H "Origin: http://localhost:9999" ☸ prod (internal)
HTTP/1.1 204 No Content
allow: GET,HEAD,OPTIONS
connection: keep-alive
And, in your logs:
[2022-02-17 21:53:10 +0200] [696822] [INFO] No Access-Control-Request-Method header found on request. CORS headers will not be applied.
from sanic-ext.
There's no bug with the last version - also the order matters and was the cause for the bug
This is another thing that changes in 21.12. Since there is no need to call Extend
(you still can if you want, or use app.extend()
), the order is not a problem.
from sanic-ext.
Hi, sanic-ext and sanic-cors have overlapping functionality. Can you remove sanic-cors and re-verify?
from sanic-ext.
Sorry, this is a ghost import from several tests. CORS is not called or applied.
Test is the same removing the import
from sanic-ext.
Confirmed using curl.
curl -v -X OPTIONS -H "Access-Control-Request-Method:GET" -H "Origin: test" http://localhost:8001
* Trying 127.0.0.1:8001...
* Connected to localhost (127.0.0.1) port 8001 (#0)
> OPTIONS / HTTP/1.1
> Host: localhost:8001
> User-Agent: curl/7.79.1
> Accept: */*
> Access-Control-Request-Method:GET
> Origin: test
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< allow: HEAD,GET,OPTIONS
< connection: keep-alive
<
* Connection #0 to host localhost left intact
from sanic-ext.
When CORS headers are missing (curl http://localhost:500 -X OPTIONS -i
) the server logs:
[INFO] No Access-Control-Request-Method header found on request. CORS headers will not be applied.
Is there a way to always send CORS headers?
EDIT: Based on the docs, I would expect the default settings to work out-of-the box, but perhaps this logic is backwards?
sanic-ext/sanic_ext/extensions/http/cors.py
Lines 42 to 52 in 3b50cf0
It looks like this combination of options is required for CORS headers to be set automatically:
app.config.CORS_ORIGINS = "*"
app.config.CORS_AUTOMATIC_OPTIONS = False
from sanic-ext.
Feel free to carry on the conversation, but I do not see any bug here.
from sanic-ext.
@ahopkins Taking your own CURL request
[dalexandre@dalexandre ~]$ curl localhost:9999 -i -X OPTIONS -H "access-control-request-method: GET" -H "Origin: http://localhost:9999"
HTTP/1.1 204 No Content
allow: GET,HEAD,OPTIONS
connection: keep-alive
I don't have the headers in the response - it's the reason the issue was created in the first place.
You code snippet does not import sanic-ext in the first place
from sanic-ext.
You code snippet does not import sanic-ext in the first place
That is not needed in v21.12
To setup Sanic Extensions (v21.12+), you need to do: nothing. If it is installed in the environment, it is setup and ready to go.
I don't have the headers in the response
What are your CORS
settings?
What version are you on?
from sanic-ext.
The one in the first post. I've just added the 9999 port to answer to your request
from sanic-ext.
What version are you on?
sanic 21.9.3
sanic-ext 22.1.2
from sanic-ext.
With Sanic 21.9 you will still need to use Extend
. You also will need to make sure that the config settings are made before you call Extend.
# OK
app.config.CORS_ORIGINS = "*"
Extend(app)
# NOT OK
Extend(app)
app.config.CORS_ORIGINS = "*"
# OK
Extend(app, config={"cors_origins": "*"})
from sanic-ext.
Ok. Thanks for that.
There's no bug with the last version - also the order matters and was the cause for the bug
from sanic-ext.
Related Issues (20)
- [Feature Request] Response Compression
- [Bug] Can't use `pydantic>=2.0` model in OpenAPI definition HOT 1
- [Bug] Can't document/exclude websocket routes with OpenAPI decorator
- [Bug] Subheader "parameter" missing in sanic extensions document
- [Bug] Can't apply openapi decorators to blueprintss' routes
- [Bug]TypeError: listener() got an unexpected keyword argument 'priority' HOT 1
- [Bug] Documentation: dead link to the setting
- Query params validation is completely broken HOT 2
- Question regarding licensing info
- [Bug] Doubly defined objects in the output specification #260 HOT 2
- [Bug] The tags in OpenAPI yaml are not effective
- [Bug] Pydantic query validation with extra data not defined in model raise's KeyError HOT 4
- add project to nix packages
- Add support for scalar.com OpenAPI documentation
- [Bug] Sanic validation extension failed to validate aliased pydantic model field
- [Feature Request] Allow custom localization in `validate` function
- [Bug] Removing handlers in Background Logger extension removes only one handler.
- Question regarding `x-tagGroups` support
- [Bug] pydantic validation exception when validating unknown query strings HOT 2
- [Bug] `validate` should check passed in model type
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sanic-ext.