FastAPI with Nginx facing CORS issue

my problem is that when i try to request information from the API, i get CORS policy issue. The API is in different domain and operating system which is linux. The html is in different domain and different operating system which is windows. I tried using Postman to check if the way works, and it was working fine in postman in both server but when i move to html im facing CORS policy issue.

Kindly if you can help me solve this issue. Thank you

below is the error im getting when i run button to run the jQuery code

Access to fetch at 'https://{domainName}/api/connect/308' from origin '' has been blocked by CORS policy: Request header field auth is not allowed by Access-Control-Allow-Headers in preflight response.

below is the code I used to get request from the server

        jQuery(".chat-bot-icon").click(function () {
            var userId = "308";
            fetch(url + "connect/" + userId, {
                method: "GET",
                mode: "cors",
                headers: new Headers({
                    "Access-Control-Allow-Methods": "POST,GET,OPTIONS, PUT, DELETE",
                    "Access-Control-Allow-Headers":"Origin, X-Requested-With, Content-Type, Accept, Authorization",
                    "auth": "123456",
                    "Content-Type": "application/json; charset=UTF-8",
                .then(response => response.json())
                .then(json => {
                    $("#dt").text(moment().format('hh:mm:ss a'));

Below is fastAPI setup

orgins=['{certain path}','http//']

[The code for FastAPI setup](
[The code related to the connect function](

below is nginx config

location /api/ {
    if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        # Om nom nom cookies
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        # Custom headers and headers various browsers *should* be OK with but aren't
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        # Tell client that this pre-flight info is valid for 20 days
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
        include proxy_params;

Leave a Reply

Your email address will not be published.