Skip to content

stac-fastapi does not provide CORS header (Cross-Origin Resource Sharing) #127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ghost opened this issue Apr 27, 2021 · 5 comments
Closed

stac-fastapi does not provide CORS header (Cross-Origin Resource Sharing) #127

ghost opened this issue Apr 27, 2021 · 5 comments

Comments

@ghost
Copy link

ghost commented Apr 27, 2021
edited by ghost
Loading

Hi all,

at first thanks for this great software!

When using "STAC browser" on a catalog created with stac-fastapi I get an error message that normally indicates that cors headers are not present.

"NetworkError when attempting to fetch resource.
Please note that some servers don't allow external access via web browsers (e.g., when CORS headers are not present).
Errored URL: https://localhost:8081"

Any comment is appreciated! If you point me to a location in the source code I can also try to include it.
@vincentsarago
Copy link
Member

vincentsarago commented Apr 27, 2021
edited
Loading

@DanielMaierLGLN I think this is expected, It's let to the end users to customize the application layer.

Basically you need to update https://github.com/stac-utils/stac-fastapi/blob/master/stac_fastapi/sqlalchemy/stac_fastapi/sqlalchemy/app.py#L31 as 👇

"""FastAPI application."""
from stac_fastapi.api.app import StacApi
from stac_fastapi.extensions.core import (
    FieldsExtension,
    QueryExtension,
    SortExtension,
    TransactionExtension,
)
from stac_fastapi.extensions.third_party import BulkTransactionExtension
from stac_fastapi.sqlalchemy.config import SqlalchemySettings
from stac_fastapi.sqlalchemy.core import CoreCrudClient
from stac_fastapi.sqlalchemy.session import Session
from stac_fastapi.sqlalchemy.transactions import (
    BulkTransactionsClient,
    TransactionsClient,
)

from starlette.middleware.cors import CORSMiddleware

settings = SqlalchemySettings()
session = Session.create_from_settings(settings)
api = StacApi(
    settings=settings,
    extensions=[
        TransactionExtension(client=TransactionsClient(session=session)),
        BulkTransactionExtension(client=BulkTransactionsClient(session=session)),
        FieldsExtension(),
        QueryExtension(),
        SortExtension(),
    ],
    client=CoreCrudClient(session=session),
)
app = api.app

# ADD CORSMiddleware
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["GET", "POST"],
    allow_headers=["*"],
)

@ghost
Copy link
Author

ghost commented Apr 28, 2021

Thank you very much @vincentsarago!
If it is expected to be done by the end users - it's ok for me (maybe it makes sense it include it in the documentation?).

I confirm that your solution is working (apart from a small typo in the app.add_middleware part).
Thanks again :)

@geospatial-jeff
Copy link
Collaborator

Linking to the FastAPI CORS docs would be lovely https://fastapi.tiangolo.com/tutorial/cors/

@geospatial-jeff
Copy link
Collaborator

Given the api spec recommends adding CORS I think it makes sense to include by default.

https://github.com/radiantearth/stac-api-spec/blob/master/implementation.md#cors

@vincentsarago vincentsarago mentioned this issue Jan 27, 2022
Closed
@geospatial-jeff geospatial-jeff mentioned this issue Jan 28, 2022
Closed
4 tasks
@geospatial-jeff geospatial-jeff mentioned this issue Aug 1, 2022
Closed
@geospatial-jeff
Copy link
Collaborator

Closed with #436

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vincentsarago @geospatial-jeff