wtavares
commented
1 week ago +1 here...
I tried to remove the check origin at the api.py. But the front keeps the CORS error. The API is working.
`# Allow requests only from the same origin
app.add_middleware(
CORSMiddleware,
allow_origins=["*"], # This will be restricted by the custom middleware
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
Custom middleware to check if the request is from the same origin
@app.middleware("http") async def check_same_origin(request: Request, call_next):
Allow public access to /api/health
# if request.url.path == "/api/health":
# return await call_next(request)
#
# origin = request.headers.get("origin")
# if origin == str(request.base_url).rstrip("/") or (
# origin
# and origin.startswith("http://localhost:")
# and request.base_url.hostname == "localhost"
# ):
# return await call_next(request)
# else:
# # Only apply restrictions to /api/ routes (except /api/health)
# if request.url.path.startswith("/api/"):
# return JSONResponse(
# status_code=403,
# content={
# "error": "Not allowed",
# "details": {
# "request_origin": origin,
# "expected_origin": str(request.base_url),
# "request_method": request.method,
# "request_url": str(request.url),
# "request_headers": dict(request.headers),
# "expected_header": "Origin header matching the server's base URL or localhost",
# },
# },
# )
# Allow non-API routes to pass through
return await call_next(request)`
First of all: I really enjoyed playing around with this. I got it all working and it's a lot of fun!
I wanted to show some people in my office this application. Usually I just use nginx proxy manager to open it up *with access rules) but this time it didn't work. Seems to be CORS according to my browser console. Not sure how to fix this though.
Running Docker, Weaviate and Ollama versions on Linux.