CORS issue after FastAPI server deployment

I have an fullstack app that uses FastAPI as a backend server, postgres and next.js frontend.
When running locally using docker-compose, everything works fine. After deployment (backend and postgres are deployed on, there is an issue with cors headers. Preflight requests to the backend gives me 200 and correct headers. I know that GET / POST requests also sets correct headers, like origins, content type etc. But what I figured out is that request handled by deployment is passed by some kind of proxy (for example via headers in the responses) and cors headers seems to be filtered out from the original requests. Because of that, I can’t make any requests from the frontend to the backend that uses credentials, auth headers and generally utilizes CORS.
I managed to make a workaround for now:

  internal_port = 8080
  protocol = "tcp"

    force_https = true
    handlers = ["http"]
    port = 80

    handlers = ["tls", "http"]
    port = 443

    Access-Control-Allow-Origin = ""
    Access-Control-Allow-Methods = "DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT"
    Access-Control-Allow-Headers = "content-type, authorization"
    Access-Control-Allow-Credentials = "true"
    Access-Control-Max-Age = "600"

FastAPI abckend is configured to work with the cors

app.add_middleware(SessionMiddleware, secret_key=settings.SESSION_SECRET_KEY)

WIth this fly.toml setup it works, but it does not use headers generated by my backend, it instead injects these headers to every response. Is there a way to prevent from filtering headers and setting it correctly according to the server logic??

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.