[Bug]: CORS header 'Access-Control-Allow-Origin' missing

[schoenix]

What happened?

If I want to go to http://somehost:3000/user I got an eternal spinner and the web console printed me this error "CORS header 'Access-Control-Allow-Origin' missing". I tried it with localhost and with another computer and with firefox and chromium. Meanwhile the chat works.

Relevant log output

Access to XMLHttpRequest at 'http://192.168.20.124:5050/user' from origin,'http://192.168.20.124:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Twitter / LinkedIn details

No response

[dosubot]

🤖

Hello,

The "CORS header 'Access-Control-Allow-Origin' missing" error you're encountering is likely due to the origin 'http://somehost:3000' not being included in the list of allowed origins in the CORS middleware configuration of Quivr.

To resolve this issue, you need to add 'http://somehost:3000' to the list of allowed origins in your cors.py file. Here's how you can do it:

from fastapi.middleware.cors import CORSMiddleware

origins = [
    "http://localhost",
    "http://localhost:3000",
    "http://localhost:3001",
    "https://quivr.app",
    "https://www.quivr.app",
    "http://quivr.app",
    "http://www.quivr.app",
    "http://somehost:3000",  # Add this line
    "*",
]


def add_cors_middleware(app):
    app.add_middleware(
        CORSMiddleware,
        allow_origins=origins,
        allow_credentials=True,
        allow_methods=["*"],
        allow_headers=["*"],
    )

After making this change, your application should allow requests from 'http://somehost:3000', and you should no longer see the CORS error.

This solution is based on the current CORS middleware configuration in the Quivr codebase, which allows requests from the following origins:

• "http://localhost"
• "http://localhost:3000"
• "http://localhost:3001"
• "https://quivr.app"
• "https://www.quivr.app"
• "http://quivr.app"
• "http://www.quivr.app"
• "*"

It also allows all methods and headers, and credentials are allowed as well.

Please let me know if this resolves your issue or if you need further assistance.

Best regards.

Sources

• [Issue] CORS error
• has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
• backend/middlewares/cors.py

---

This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

If you want to continue the conversation, start your reply with @dosu-bot.

[schoenix]

I did it, but I still got

"9530-bd297a4f57801ca6.js:1
GET https://cdn.growthbook.io/api/features/%3Cignore-me-or-change-me%3E 400 (Bad Request)
6269-dbf6ac675356bb15.js:1
GET http://192.168.20.124:3000/_vercel/insights/script.js net::ERR_ABORTED 404 (Not Found)
9222-7e071601b78b146c.js:6
GET http://192.168.20.124:3000/%3Cignore-me-or-change-me%3E 404 (Not Found)
7621-972a21b3e52680c5.js:1
POST https://api.june.so/sdk/identify 401 (Unauthorized)
user:1 Access to XMLHttpRequest at 'http://192.168.20.124:5050/user' from origin 'http://192.168.20.124:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
9222-7e071601b78b146c.js:6
GET http://192.168.20.124:5050/user net::ERR_FAILED 500 (Internal Server Error)
user:1 Access to XMLHttpRequest at 'http://192.168.20.124:5050/brains/default/' from origin 'http://192.168.20.124:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
9222-7e071601b78b146c.js:6
GET http://192.168.20.124:5050/brains/default/ net::ERR_FAILED 500 (Internal Server Error)"

[zoernert]

Struggling with the same issue.

• There is no Response header present at all.
• It seems as the cors.py declaration is not used.
• Trying to figure out if some sort of build caching might have caused this issue on my side.

[chenmnkken]

I got the same issue too, and I already set the web domain in cors.py.

[jm-rizkallah]

Yeah same here i'm not sure the cors.py is taken into consideration

[raisindetre]

For reference, first encountered this issue using 0.0.81 #fa3412b7 on OSX 13.5.1. v0.0.81 introduced CORS issues and failure to retrieve chat responses/brains config data. v0.0.82 is the same but with excessive backend API calls and rapid UI refreshes in Brains config screens. Same issues are observed in HEAD (> v0.0.88, #f13f08c5). Have not tested tagged releases between 0.0.82 and 0.0.88 but assuming issue persists through them.

[zoernert]

Checkout the frontend/next.config.js there look at the ContentSecurityPolicy. I assume this is the root cause if frontend is run as "local" even if it is on another server.

[raisindetre]

Possibly but I also found that 0.0.81 introduced a backend error caused by the last_update property of the BrainEntity not being set.

backend-core  | ERROR:    Exception in ASGI application
backend-core  | Traceback (most recent call last):
...
backend-core  |   File "/usr/local/lib/python3.11/site-packages/pydantic/main.py", line 341, in __init__
backend-core  |     raise validation_error
backend-core  | pydantic.error_wrappers.ValidationError: 1 validation error for BrainEntity
backend-core  | last_update
backend-core  |   field required (type=value_error.missing)

I edited quivr/backend/models/brain_entity.py lines 18 and 44 from last_update: str to last_update: str = "" and rebuilt the Docker image and was able to make successful API calls to retrieve Brain data and chat without the CORS errors.

So, it seems like backend errors in code are also triggering the CORS errors. As a side note I noticed other errors in the backend log after doing this so I wouldn't recommend it as a fix.

[zoernert]

So, it seems like backend errors in code are also triggering the CORS errors.

I can confirm this. Had backend errors with file uploads and CORS issue appeared again.

[mamadoudicko]

Hi here 👋🏽,

Are you still facing this ?

If yes, do you have an error on back side ?

Thanks

[alex-crr]

Hey, I get the same error when trying to send a prompt. Usually it ends up being recorded in Supabase, but I get an empty assistant answer. Here's the error:
Access to fetch at 'http://localhost:5050/<rest-of-url>' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I also seem to get a POST 401 error, but from api.june.so, so I'm pretty sure it isn't the root of my problem.

Hi here 👋🏽,

Are you still facing this ?

If yes, do you have an error on back side ?

Thanks

How should I check If there is any backend error?

[MeTaNoV]

Hi here 👋🏽,

Are you still facing this ?

If yes, do you have an error on back side ?

Thanks

Yes, it seems there are still CORS issues around. Here some logs from the backend:

backend-core  | INFO:     172.21.0.2:37624 - "GET /brains/default/ HTTP/1.1" 500 Internal Server Error
backend-core  | ERROR:    Exception in ASGI application
backend-core  | Traceback (most recent call last):
backend-core  |   File "/venv/lib/python3.11/site-packages/uvicorn/protocols/http/h11_impl.py", line 428, in run_asgi
backend-core  |     result = await app(  # type: ignore[func-returns-value]
backend-core  |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/venv/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py", line 78, in __call__
backend-core  |     return await self.app(scope, receive, send)
backend-core  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/venv/lib/python3.11/site-packages/fastapi/applications.py", line 276, in __call__
backend-core  |     await super().__call__(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/applications.py", line 122, in __call__
backend-core  |     await self.middleware_stack(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/errors.py", line 184, in __call__
backend-core  |     raise exc
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/errors.py", line 162, in __call__
backend-core  |     await self.app(scope, receive, _send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/cors.py", line 91, in __call__
backend-core  |     await self.simple_response(scope, receive, send, request_headers=headers)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/cors.py", line 146, in simple_response
backend-core  |     await self.app(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 79, in __call__
backend-core  |     raise exc
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 68, in __call__
backend-core  |     await self.app(scope, receive, sender)
backend-core  |   File "/venv/lib/python3.11/site-packages/fastapi/middleware/asyncexitstack.py", line 21, in __call__
backend-core  |     raise e
backend-core  |   File "/venv/lib/python3.11/site-packages/fastapi/middleware/asyncexitstack.py", line 18, in __call__
backend-core  |     await self.app(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/routing.py", line 718, in __call__
backend-core  |     await route.handle(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/routing.py", line 276, in handle
backend-core  |     await self.app(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/routing.py", line 66, in app
backend-core  |     response = await func(request)
backend-core  |                ^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/venv/lib/python3.11/site-packages/fastapi/routing.py", line 237, in app
backend-core  |     raw_response = await run_endpoint_function(
backend-core  |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/venv/lib/python3.11/site-packages/fastapi/routing.py", line 163, in run_endpoint_function
backend-core  |     return await dependant.call(**values)
backend-core  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/code/routes/brain_routes.py", line 59, in retrieve_default_brain
backend-core  |     brain = get_default_user_brain_or_create_new(current_user)
backend-core  |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/code/repository/brain/get_default_user_brain_or_create_new.py", line 12, in get_default_user_brain_or_create_new
backend-core  |     default_brain = get_user_default_brain(user.id)
backend-core  |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/code/repository/brain/get_default_user_brain.py", line 21, in get_user_default_brain
backend-core  |     return get_brain_by_id(brain_id)
backend-core  |            ^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/code/repository/brain/get_brain_by_id.py", line 9, in get_brain_by_id
backend-core  |     return supabase_db.get_brain_by_id(brain_id)
backend-core  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/code/models/databases/supabase/brains.py", line 326, in get_brain_by_id
backend-core  |     return BrainEntity(**response[0])
backend-core  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "pydantic/main.py", line 341, in pydantic.main.BaseModel.__init__
backend-core  | pydantic.error_wrappers.ValidationError: 1 validation error for BrainEntity
backend-core  | brain_type
backend-core  |   field required (type=value_error.missing)
backend-core  | INFO:     172.21.0.2:37634 - "GET /user/identity HTTP/1.1" 200 OK

PS: Using the Traefik integration for a deployment on a server, and added the configured FRONTEND URL in cors.py

[MeTaNoV]

Hi here 👋🏽,
Are you still facing this ?
If yes, do you have an error on back side ?
Thanks

Yes, it seems there are still CORS issues around. Here some logs from the backend:

backend-core  | INFO:     172.21.0.2:37624 - "GET /brains/default/ HTTP/1.1" 500 Internal Server Error
backend-core  | ERROR:    Exception in ASGI application
backend-core  | Traceback (most recent call last):
backend-core  |   File "/venv/lib/python3.11/site-packages/uvicorn/protocols/http/h11_impl.py", line 428, in run_asgi
backend-core  |     result = await app(  # type: ignore[func-returns-value]
backend-core  |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/venv/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py", line 78, in __call__
backend-core  |     return await self.app(scope, receive, send)
backend-core  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/venv/lib/python3.11/site-packages/fastapi/applications.py", line 276, in __call__
backend-core  |     await super().__call__(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/applications.py", line 122, in __call__
backend-core  |     await self.middleware_stack(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/errors.py", line 184, in __call__
backend-core  |     raise exc
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/errors.py", line 162, in __call__
backend-core  |     await self.app(scope, receive, _send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/cors.py", line 91, in __call__
backend-core  |     await self.simple_response(scope, receive, send, request_headers=headers)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/cors.py", line 146, in simple_response
backend-core  |     await self.app(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 79, in __call__
backend-core  |     raise exc
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 68, in __call__
backend-core  |     await self.app(scope, receive, sender)
backend-core  |   File "/venv/lib/python3.11/site-packages/fastapi/middleware/asyncexitstack.py", line 21, in __call__
backend-core  |     raise e
backend-core  |   File "/venv/lib/python3.11/site-packages/fastapi/middleware/asyncexitstack.py", line 18, in __call__
backend-core  |     await self.app(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/routing.py", line 718, in __call__
backend-core  |     await route.handle(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/routing.py", line 276, in handle
backend-core  |     await self.app(scope, receive, send)
backend-core  |   File "/venv/lib/python3.11/site-packages/starlette/routing.py", line 66, in app
backend-core  |     response = await func(request)
backend-core  |                ^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/venv/lib/python3.11/site-packages/fastapi/routing.py", line 237, in app
backend-core  |     raw_response = await run_endpoint_function(
backend-core  |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/venv/lib/python3.11/site-packages/fastapi/routing.py", line 163, in run_endpoint_function
backend-core  |     return await dependant.call(**values)
backend-core  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/code/routes/brain_routes.py", line 59, in retrieve_default_brain
backend-core  |     brain = get_default_user_brain_or_create_new(current_user)
backend-core  |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/code/repository/brain/get_default_user_brain_or_create_new.py", line 12, in get_default_user_brain_or_create_new
backend-core  |     default_brain = get_user_default_brain(user.id)
backend-core  |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/code/repository/brain/get_default_user_brain.py", line 21, in get_user_default_brain
backend-core  |     return get_brain_by_id(brain_id)
backend-core  |            ^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/code/repository/brain/get_brain_by_id.py", line 9, in get_brain_by_id
backend-core  |     return supabase_db.get_brain_by_id(brain_id)
backend-core  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "/code/models/databases/supabase/brains.py", line 326, in get_brain_by_id
backend-core  |     return BrainEntity(**response[0])
backend-core  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core  |   File "pydantic/main.py", line 341, in pydantic.main.BaseModel.__init__
backend-core  | pydantic.error_wrappers.ValidationError: 1 validation error for BrainEntity
backend-core  | brain_type
backend-core  |   field required (type=value_error.missing)
backend-core  | INFO:     172.21.0.2:37634 - "GET /user/identity HTTP/1.1" 200 OK

PS: Using the Traefik integration for a deployment on a server, and added the configured FRONTEND URL in cors.py

So, it seems that the CORS issue was a side effect of the last migrations that didn't run properly... After running the migration manually in Supabase, the CORS issue on the FrontEnd disappeared! (At least for me)

[github-actions]

Thanks for your contributions, we'll be closing this issue as it has gone stale. Feel free to reopen if you'd like to continue the discussion.

[Greyvend]

I'm still facing this issue.

[MeTaNoV]

I'm still facing this issue.

check error message in your backend logs, it is probably due to some DB issues, like the one I had (see previous messages)

[melfebulu]

oh, the same error....

Access to XMLHttpRequest at 'http://192.168.237.68:5050/brains/default/' from origin 'http://192.168.237.68:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

ERROR: Exception in ASGI application
backend-core | Traceback (most recent call last):
backend-core | File "/usr/local/lib/python3.11/site-packages/httpx/_transports/default.py", line 66, in map_httpcore_exceptions
backend-core | yield
backend-core | File "/usr/local/lib/python3.11/site-packages/httpx/_transports/default.py", line 228, in handle_request
backend-core | resp = self._pool.handle_request(req)
backend-core | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core | File "/usr/local/lib/python3.11/site-packages/httpcore/_sync/connection_pool.py", line 216, in handle_request
backend-core | raise exc from None
backend-core | File "/usr/local/lib/python3.11/site-packages/httpcore/_sync/connection_pool.py", line 196, in handle_request
backend-core | response = connection.handle_request(
backend-core | ^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core | File "/usr/local/lib/python3.11/site-packages/httpcore/_sync/connection.py", line 99, in handle_request
backend-core | raise exc
backend-core | File "/usr/local/lib/python3.11/site-packages/httpcore/_sync/connection.py", line 76, in handle_request
backend-core | stream = self._connect(request)
backend-core | ^^^^^^^^^^^^^^^^^^^^^^
backend-core | File "/usr/local/lib/python3.11/site-packages/httpcore/_sync/connection.py", line 122, in _connect
backend-core | stream = self._network_backend.connect_tcp(**kwargs)
backend-core | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
backend-core | File "/usr/local/lib/python3.11/site-packages/httpcore/_backends/sync.py", line 205, in connect_tcp
backend-core | with map_exceptions(exc_map):
backend-core | File "/usr/local/lib/python3.11/contextlib.py", line 155, in exit
backend-core | self.gen.throw(typ, value, traceback)
backend-core | File "/usr/local/lib/python3.11/site-packages/httpcore/_exceptions.py", line 14, in map_exceptions
backend-core | raise to_exc(exc) from exc
backend-core | httpcore.ConnectError: [Errno -2] Name or service not known
backend-core |
backend-core | The above exception was the direct cause of the following exception:
backend-core |
backend-core | Traceback (most recent call last):
backend-core | File "/usr/local/lib/python3.11/site-packages/uvicorn/protocols/http/h11_impl.py", line 428, in run_asgi
backend-core | result = await app( # type: ignore[func-returns-value]
.......