Add a --cors command line option to stdlib http.server #135056
Labels
type-feature
A feature request or enhancement
Comments
aisipos
added a commit
to aisipos/cpython
that referenced
this issue
Jun 3, 2025
Add a --cors command line argument to the stdlib http.server module, which will add an `Access-Control-Allow-Origin: *` header to all responses. As part of this implementation, add a `response_headers` argument to SimpleHTTPRequestHandler and HttpServer, which allows callers to add addition headers to the response.
aisipos
added a commit
to aisipos/cpython
that referenced
this issue
Jun 3, 2025
Add a --cors command line argument to the stdlib http.server module, which will add an `Access-Control-Allow-Origin: *` header to all responses. As part of this implementation, add a `response_headers` argument to SimpleHTTPRequestHandler and HttpServer, which allows callers to add addition headers to the response.
aisipos
added a commit
to aisipos/cpython
that referenced
this issue
Jun 3, 2025
Add a --cors command line argument to the stdlib http.server module, which will add an `Access-Control-Allow-Origin: *` header to all responses. As part of this implementation, add a `response_headers` argument to SimpleHTTPRequestHandler and HttpServer, which allows callers to add addition headers to the response.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Feature or enhancement
Proposal:
Add a
--corscommand line option to thehttp.serverstdlib module, which when specified will add this CORS header to all responses:This is useful during local web development, which is a common use case for
http.server. If a user is developing Javascript on one local web server, and making Javascript requests against static assets served by a separately runningpython -m http.server, those requests will fail due to the browser's default cross-origin request policy. With the rise in popularity of tools like pyodide and pyscript, whose implementations are subject to the same Javascript cross-origin request logic, I expect similar use cases to this to become more common. It would be useful forhttp.serverto support an open cross-origin response header via the command line like so:This allows the user to serve static assets locally that can be requested by Javascript anywhere the server is visible. The new headers are opt-in only, no default behavior is changed without the flag.
Has this already been discussed elsewhere?
I have already discussed this feature proposal on Discourse
Links to previous discussion of this feature:
I started a thread about this feature on python-ideas:
https://discuss.python.org/t/any-interest-in-adding-a-cors-option-to-python-m-http-server/92120/10
The thread has a mixed response. Some are for it, some against, and some are in favor of a more generalized approach. I discussed the feature with some developers in person at Pycon 2025, the result being that there is possibly enough interest to add this feature.
Linked PRs
The text was updated successfully, but these errors were encountered: