aladac/tensors
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix CORS: allow_credentials must be False for wildcard origins

Browse Source 
CORS spec doesn't allow credentials with wildcard origins.
This was causing 403 for all crossorigin module preloads.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Adam Ladachowski
2026-02-15 23:53:53 +01:00
parent 2ea8bbeafd
commit ff9736dbe6
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tensors/server/__init__.py
+2 -2
View File
@@ -49,11 +49,11 @@ def create_app() -> FastAPI:
redoc_url=None, redoc_url=None,
) )
# CORS - allow all origins # CORS - allow all origins (credentials=False required for wildcard origin)
app.add_middleware( app.add_middleware(
CORSMiddleware, CORSMiddleware,
allow_origins=["*"], allow_origins=["*"],
allow_credentials=True, allow_credentials=False,
allow_methods=["*"], allow_methods=["*"],
allow_headers=["*"], allow_headers=["*"],
) )