Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS and API key #4576

Open
Cyberax opened this issue Jan 10, 2025 · 0 comments
Open

CORS and API key #4576

Cyberax opened this issue Jan 10, 2025 · 0 comments
Labels
bug Something isn't working unconfirmed

Comments

@Cyberax
Copy link

Cyberax commented Jan 10, 2025

CORS needs to be allow-listed for unauthenticated requests (without the API key) otherwise browsers can't use it.

This can be simply done by moving the https://github.com/mudler/LocalAI/blob/07655c0c2e0e5fe2bca86339a12237b69d258636/core/http/app.go#L138C5-L138C16 block before the authorization middleware, or by adding an exception for the OPTIONS HTTP method in

LocalAI/core/http/middleware/auth.go

Line 83 in 07655c0

func getApiKeyRequiredFilterFunction(applicationConfig *config.ApplicationConfig) func(*fiber.Ctx) bool {

@Cyberax Cyberax added bug Something isn't working unconfirmed labels Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working unconfirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Cyberax