CORS and API key
CORS needs to be allow-listed for unauthenticated requests (without the API key); otherwise browsers can't use it.
This can be simply done by moving the https://github.com/mudler/LocalAI/blob/07655c0c2e0e5fe2bca86339a12237b69d258636/core/http/app.go#L138C5-L138C16 block before the authorization middleware, or by adding an exception for the OPTIONS HTTP method in https://github.com/mudler/LocalAI/blob/07655c0c2e0e5fe2bca86339a12237b69d258636/core/http/middleware/auth.go#L83
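The ordering proposed in the issue above, as an added example that is not LocalAI's code and not part of the original post. It uses only Go's net/http rather than LocalAI's web framework; the key, the origin and all function names are hypothetical.

```go
package main

import (
	"crypto/subtle"
	"net/http"
)

// Constructed sample values for this example, not LocalAI settings.
const apiKey, allowedOrigin = "example-key", "https://app.example"

// cors answers preflights itself; it wraps the auth middleware, so it runs first.
func cors(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Origin") == allowedOrigin {
			w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
			w.Header().Add("Vary", "Origin")
			// A preflight is OPTIONS plus Access-Control-Request-Method; the browser sends it without the API key.
			if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
				w.Header().Set("Access-Control-Allow-Methods", "GET, POST")
				w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
				w.WriteHeader(http.StatusNoContent)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// requireKey rejects any request that lacks the expected bearer token.
func requireKey(next http.Handler) http.Handler {
	want := []byte("Bearer " + apiKey)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), want) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newHandler puts CORS outside auth: only the preflight skips the key check.
func newHandler() http.Handler {
	models := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte(`{"data":[]}`))
	})
	return cors(requireKey(models))
}

func main() { http.ListenAndServe("127.0.0.1:8080", newHandler()) }
```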
This seems to be related to a problem I have when I try to connect the Thunderbird add-on ThunderAI to LocalAI.
The add-on tries to get the models from the LocalAI instance, and in the container logs I can see the following line:
WRN Client error ip=192.168.0.xxx latency=1.571684ms method=OPTIONS status=404 url=/models
See also the issue I opened there: https://github.com/micz/ThunderAI/issues/242
[edit: fixed the link]
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This issue was closed because it has been stalled for 5 days with no activity.
I am encountering what appears to be this issue as well. As soon as I enable an API key, I get CORS errors and can no longer access the API from anywhere other than localhost, even with these env vars set in my docker compose file: CORS=true CORS_ALLOW_ORIGINS=*