-
Notifications
You must be signed in to change notification settings - Fork 7.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature] Enable CORS in gpt4all-chat/server.cpp #2196
Comments
You've already commented in #1008, which enables CORS (or at least part of it). Said pull request includes a simple HTML file with a bit of JavaScript. I've just tested that again, and it still works. So my questions are:
|
Hello cosmic-snow, I have tried to make a simplified version for a firefox extension. make a folder an put two file inside "manifest.json" and "background.js" manifest.json
background.js
Load this Extension in Firefox
What this AddOn do
Networking ConsoleFirst is "no-corse" it can access the gpt4all API, but Javascript can not access the content. With CORS (Cross-Origin Resource Sharing), the browser sends a preflight OPTION request before making a POST request to another domain. However, it seems that you're not receiving the correct response for this preflight request, leading to a failed POST API request due to a CORS error. JavaScript ConsoleConclusionWithout proper correspondence regarding CORS (Cross-Origin Resource Sharing) preflight OPTIONS, no one can implement a browser extension or Thunderbird extension for using gpt4all. |
Alright, I'll look at that example of yours later. But before I invest any time in that:
It's in the demo section of PR #1008. |
insert in main() in background.js script
It is similary to #1008 GET Models is working. GET Models Network Consolehere is no OPTIONS send first from Browser and it get all models |
Here the trace in wireshark the Browser get status 404 for asking first with OPTION the server Wireshark Browser to gpt4all server.cppOPTIONS /v1/chat/completions HTTP/1.1 Wrieshark Answhere gpt4all server.cpp Error 404HTTP/1.1 404 Not Found |
Yes, the OPTIONS method of HTTP is not implemented in the chat server. That's something which needs to be done separately. The Qt framework's HTTP server (which is used by this application) doesn't have a full-fledged web API framework so that would have to be done explicitely (see the code from here). I just wanted to make sure that there isn't some other problem on your end and the basic CORS example works. I haven't looked at/tried your example yet, but will do so sometime today. |
Alright, some initial notes on this:
So as mentioned, you could probably get around it through I'll further edit this comment after investigating some more [1]: https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request |
Thank you Seems you are right, with a "simple_request" its possible to access the json answhere. Possible Solution with simple_requestmanifest.json
background.js
CORS Simple Request Fetch/XMLHttpRequest |
|
with your Ressource [2} specifying a "CORS Simple Request" I had success with Fetch and with XMLHttpRequest. With this Example to implementing CORS Simple Request we should be able to program Firefox/Thunderbird Extension to use GPT4ALL locally together with this Applications (FF/Thunderbird). Thank you so much, may it implements in future also the CORS Preflight, so no developer does strugling with the unsuccessfully CORS Preflight. |
I have not tested the following thoroughly, but it might be enough to make a browser's preflight request happy. I don't have the time to do more tests right now, though, so I'll leave this here for the moment: // server.cpp: Server::start()
m_server->route("<arg>", QHttpServerRequest::Method::Options, // <arg> with QUrl is basically a wildcard match
[](const QUrl &anyPath, const QHttpServerRequest &request, QHttpServerResponder &&responder) {
auto headers = request.headers();
// reuse and allow request's "Origin" and "Access-Control-Request-Headers" headers:
QByteArray allowOrigin = "";
QByteArray allowRequestHeaders = "";
for (auto const& header: headers) {
if (header.first == "Origin") {
allowOrigin = header.second;
} else if (header.first == "Access-Control-Request-Headers") {
allowRequestHeaders = header.second;
}
}
// send OPTIONS preflight response for CORS:
responder.write(
"", // empty body, only headers matter
QHttpServerResponder::HeaderList {
std::make_pair("Connection", "Keep-Alive"),
std::make_pair("Access-Control-Allow-Origin", allowOrigin),
std::make_pair("Access-Control-Allow-Methods", "GET, POST, OPTIONS"),
std::make_pair("Access-Control-Allow-Headers", allowRequestHeaders),
std::make_pair("Access-Control-Max-Age", "86400"),
},
QHttpServerResponder::StatusCode::NoContent
);
}
); |
@zwilch Please try using
like this and see if that allows you to avoid CORS entirely. see |
@iimez I have changed manifest.json to this:
You are correct, this works perfectly! All POST requests from the browser now go through without the OPTION CORS preflight request before. This was a misconfiguration in "host_permissions" with no error related to Thank you very much for this hint. |
Feature Request
To access the GPT4All API directly from a browser (such as Firefox), or through browser extensions (for Firefox and Chrome), as well as extensions in Thunderbird (similar to Firefox), the server.cpp file needs to support CORS (Cross-Origin Resource Sharing) and properly handle CORS Preflight OPTIONS requests from the browser.
The text was updated successfully, but these errors were encountered: