Classes
CORSConfig
6
▼
CORS middleware configuration.
All fields have secure defaults (nothing is allowed).
Override what…
CORSConfig
6
▼
CORS middleware configuration.
All fields have secure defaults (nothing is allowed). Override what you need::
CORSConfig(
allow_origins=["https://example.com"],
allow_methods=["GET", "POST"],
)
Attributes
| Name | Type | Description |
|---|---|---|
allow_origins |
tuple[str, ...]
|
— |
allow_methods |
tuple[str, ...]
|
— |
allow_headers |
tuple[str, ...]
|
— |
expose_headers |
tuple[str, ...]
|
— |
allow_credentials |
bool
|
— |
max_age |
int
|
— |
CORSMiddleware
5
▼
Standards-compliant CORS middleware.
Handles:
- Preflight ``OPTIONS`` requests (returns 204 with C…
CORSMiddleware
5
▼
Standards-compliant CORS middleware.
Handles:
- Preflight
OPTIONSrequests (returns 204 with CORS headers) - Simple and actual requests (adds CORS headers to response)
- Credential support (
Access-Control-Allow-Credentials) - Wildcard origins (
"*") when credentials are disabled
Usage::
app.add_middleware(CORSMiddleware(CORSConfig(
allow_origins=["https://example.com"],
allow_methods=["GET", "POST", "PUT"],
allow_headers=["Content-Type", "Authorization"],
)))
Methods
Internal Methods 5 ▼
__init__
1
▼
__init__
1
▼
def __init__(self, config: CORSConfig | None = None) -> None
Parameters
| Name | Type | Description |
|---|---|---|
config |
— |
Default:None
|
_is_allowed_origin
1
bool
▼
Check if the origin is in the allow list.
_is_allowed_origin
1
bool
▼
def _is_allowed_origin(self, origin: str) -> bool
Parameters
| Name | Type | Description |
|---|---|---|
origin |
— |
Returns
bool
_add_cors_headers
2
Response
▼
Add CORS headers to a response.
_add_cors_headers
2
Response
▼
def _add_cors_headers(self, response: Response, origin: str) -> Response
Parameters
| Name | Type | Description |
|---|---|---|
response |
— |
|
origin |
— |
Returns
Response
_preflight_response
2
Response
▼
Build a preflight response with all CORS headers.
_preflight_response
2
Response
▼
def _preflight_response(self, origin: str, request_method: str | None) -> Response
Parameters
| Name | Type | Description |
|---|---|---|
origin |
— |
|
request_method |
— |
Returns
Response
__call__
2
Response
▼
Process the request with CORS handling.
async
__call__
2
Response
▼
async def __call__(self, request: Request, next: Next) -> Response
Parameters
| Name | Type | Description |
|---|---|---|
request |
— |
|
next |
— |
Returns
Response