I have an fullstack app that uses FastAPI as a backend server, postgres and next.js frontend.
When running locally using docker-compose, everything works fine. After deployment (backend and postgres are deployed on fly.io), there is an issue with cors headers. Preflight requests to the backend gives me 200 and correct headers. I know that GET / POST requests also sets correct headers, like origins, content type etc. But what I figured out is that request handled by fly.io deployment is passed by some kind of proxy (for example via headers in the responses) and cors headers seems to be filtered out from the original requests. Because of that, I can’t make any requests from the frontend to the backend that uses credentials, auth headers and generally utilizes CORS.
I managed to make a workaround for now:
[[services]]
internal_port = 8080
protocol = "tcp"
[[services.ports]]
force_https = true
handlers = ["http"]
port = 80
[[services.ports]]
handlers = ["tls", "http"]
port = 443
[services.ports.http_options.response.headers]
Access-Control-Allow-Origin = "https://frontend-url.com"
Access-Control-Allow-Methods = "DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT"
Access-Control-Allow-Headers = "content-type, authorization"
Access-Control-Allow-Credentials = "true"
Access-Control-Max-Age = "600"
FastAPI abckend is configured to work with the cors
app.add_middleware(SessionMiddleware, secret_key=settings.SESSION_SECRET_KEY)
app.add_middleware(
CORSMiddleware,
allow_origins=["https://frontend-url.com"],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
WIth this fly.toml setup it works, but it does not use headers generated by my backend, it instead injects these headers to every response. Is there a way to prevent fly.io from filtering headers and setting it correctly according to the server logic??