[v3-2-test] Make CORS allow_credentials configurable (#66503)#67181
Closed
github-actions[bot] wants to merge 1 commit into
Closed
[v3-2-test] Make CORS allow_credentials configurable (#66503)#67181github-actions[bot] wants to merge 1 commit into
github-actions[bot] wants to merge 1 commit into
Conversation
* Make CORS allow_credentials configurable The FastAPI CORS middleware was initialized with allow_credentials=True hardcoded. Add a new [api] access_control_allow_credentials boolean option (default True to preserve existing behavior) so deployments that configure access_control_allow_origins but do not want credentialed cross-origin requests can opt out. * Address review nits: bump version_added to 3.2.2, hoist imports - config.yml: version_added 3.2.0 -> 3.2.2 to match the backport target - test_app.py: move FastAPI, CORSMiddleware, init_config, and conf_vars imports to the top of the file instead of inline inside the test method. --------- (cherry picked from commit 2723f66) Co-authored-by: Jarek Potiuk <jarek@potiuk.com> Co-authored-by: vatsrahul1001 <rah.sharma11@gmail.com>
1 task
pierrejeambrun
requested changes
May 19, 2026
Member
pierrejeambrun
left a comment
pierrejeambrun
left a comment
There was a problem hiding this comment.
Lets resolve the conversion on the original PR before backporting this.
Blocking to not merge by mistake.
Member
|
Closing, Jarek is reverting on main. That's not needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The FastAPI CORS middleware was initialized with allow_credentials=True
hardcoded. Add a new [api] access_control_allow_credentials boolean
option (default True to preserve existing behavior) so deployments that
configure access_control_allow_origins but do not want credentialed
cross-origin requests can opt out.
imports to the top of the file instead of inline inside the test method.
(cherry picked from commit 2723f66)
Co-authored-by: Jarek Potiuk jarek@potiuk.com
Co-authored-by: vatsrahul1001 rah.sharma11@gmail.com