happyz
/
fastapi
mirror of https://github.com/tiangolo/fastapi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cors tutorial: add explicit headers when credentials are allowed

This commit is contained in:
Flavius Raducu 2025-09-25 23:38:03 +01:00
parent 450a334253
commit 63b1ac6092
No known key found for this signature in database
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs_src/cors/tutorial001.py
View File

@ -14,8 +14,8 @@ app.add_middleware(
CORSMiddleware,
allow_origins=origins,
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
allow_methods=["GET"],
allow_headers=["X-Example"],
)

5
tests/test_tutorial/test_cors/test_tutorial001.py
View File

@ -18,7 +18,10 @@ def test_cors():
response.headers["access-control-allow-origin"]
== "https://localhost.tiangolo.com"
)
assert response.headers["access-control-allow-headers"] == "X-Example"
expected_headers = (
"Accept, Accept-Language, Content-Language, Content-Type, X-Example"
)
assert response.headers["access-control-allow-headers"] == expected_headers
# Test standard response
headers = {"Origin": "https://localhost.tiangolo.com"}