Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow customizing allowed headers in CORS settings #669

Closed
spaceemotion opened this issue Oct 1, 2023 · 13 comments
Closed

Allow customizing allowed headers in CORS settings #669

spaceemotion opened this issue Oct 1, 2023 · 13 comments

Comments

@spaceemotion
Copy link

Based on some additional research on an issue I have (#300 (comment)), I am getting the following error in chrome/firefox:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:11434/api/tags. (Reason: header ‘baggage’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).

(see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowHeaderFromPreflight for details)

It would be helpful to allow all headers (if possible?) as I am able to call the API via tools like curl, postman, etc., but not using fetch() from a webpage. This does not need to be the default, an env variable like OLLAMA_HOST and such works for me.
@spaceemotion
Copy link
Author

Quick update: I found a middleware that intercepted the fetch calls to add custom headers. Blocking the middleware for requests to Ollama did the trick. However, it would still be nice to be able to control this natively.

@jmorganca
Copy link
Member

Hi @spaceemotion, OLLAMA_ORIGINS is available as an environment variable you can set: https://github.com/jmorganca/ollama/blob/main/docs/faq.md#how-can-i-allow-additional-web-origins-to-access-ollama

Hope this helps! Sorry for taking awhile to respond.

@do-me
Copy link

do-me commented Mar 6, 2024

Did anyone find a solution to make this work on Firefox as well? I'm not sure whether it's missing user agent headers or whether it's http to https connection problem. 

I currently run: 

  • on Windows Powershell:$env:OLLAMA_ORIGINS="https://do-me.github.io"; ollama serve
  • on Ubuntu: OLLAMA_ORIGINS="https://do-me.github.io" ollama serve

This works on Chromium (like Chrome and Edge) but not FF. FF gives me a link to this and the logs show a 204 error.

[GIN] 2024/03/06 - 13:16:24 | 204 | 0s | 127.0.0.1 | OPTIONS "/api/chat"

Background: I want to make the Ollama SemanticFinder integration work in FF too.

@do-me do-me mentioned this issue Mar 12, 2024
Closed
@osfa
Copy link

osfa commented Mar 14, 2024
edited

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:11434/api/chat. (Reason: header ‘user-agent’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response). same issue. I also have the same issue in safari, but works in chrome. missing user agent headers is the issue I think?

@do-me
Copy link

do-me commented Mar 14, 2024
edited

The issue is precisely this, right. I suppose one could just route everything over a proxy like https://corsproxy.io/ but I'd prefer a clean solution not relying on a third-party service.

@theowenyoung theowenyoung mentioned this issue Mar 19, 2024
Closed
@Anivie
Copy link

Anivie commented Mar 30, 2024

I am get the same error even I am run with chrome, is there any way to solve this error with Access-Control-Allow-Headers?

@MapleEve MapleEve mentioned this issue Apr 9, 2024
Closed
@Kmfernan5
Copy link

same here

@Yash-1511
Copy link

same issue! please resolve this issue

@ewantindale
Copy link

Hi @spaceemotion, OLLAMA_ORIGINS is available as an environment variable you can set: https://github.com/jmorganca/ollama/blob/main/docs/faq.md#how-can-i-allow-additional-web-origins-to-access-ollama

Hope this helps! Sorry for taking awhile to respond.

I followed the steps here for Linux but I am still getting this error in Chrome:

Access to fetch at 'http://localhost:11434/v1/chat/completions' from origin 'http://localhost:5173' has been blocked by CORS policy: Request header field x-stainless-os is not allowed by Access-Control-Allow-Headers in preflight response.

@spaceemotion
Copy link
Author

@ewantindale the x-stainless headers are from the OpenAI SDK, you have to replace how it handles headers internally as a workaround:

class NoStainlessOpenAI extends OpenAI {
  defaultHeaders(opts: FinalRequestOptions) {
    return {
      Accept: 'application/json',
      'Content-Type': 'application/json',
      ...this.authHeaders(opts),
    };
  }
}

@ewantindale
Copy link

@ewantindale the x-stainless headers are from the OpenAI SDK, you have to replace how it handles headers internally as a workaround:

class NoStainlessOpenAI extends OpenAI {
  defaultHeaders(opts: FinalRequestOptions) {
    return {
      Accept: 'application/json',
      'Content-Type': 'application/json',
      ...this.authHeaders(opts),
    };
  }
}

Thanks, fixed that issue but now I get

Access to fetch at 'http://localhost:11434/v1/chat/completions' from origin 'http://localhost:5173' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

I am following the instructions here: https://github.com/ollama/ollama/blob/main/docs/openai.md

@spaceemotion
Copy link
Author

@ewantindale you can just remove this line from the extended class:

      ...this.authHeaders(opts),

@j2l
Copy link

j2l commented May 4, 2024

Same issue on FF on ubuntu, but working with Chromium.
I'd love to use this on FF.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@j2l @osfa @jmorganca @spaceemotion @ewantindale @do-me @Yash-1511 @Anivie @Kmfernan5