How to beginner · 3 min read

How to add CORS to FastAPI LLM app

Quick answer
Add CORS to a FastAPI LLM app by installing and using fastapi.middleware.cors.CORSMiddleware. Configure allowed origins and attach the middleware to your app instance to enable cross-origin requests securely.

PREREQUISITES

  • Python 3.8+
  • pip install fastapi uvicorn
  • pip install openai>=1.0
  • OpenAI API key set in environment variable

Setup

Install fastapi and uvicorn for the web server, and ensure your environment has the OpenAI API key set.

  • Run pip install fastapi uvicorn openai
  • Set your API key in the environment: export OPENAI_API_KEY='your_api_key' (Linux/macOS) or set OPENAI_API_KEY=your_api_key (Windows)
bash
pip install fastapi uvicorn openai

Step by step

This example shows how to add CORS middleware to a FastAPI app that calls the OpenAI API to generate text completions using gpt-4o. It allows cross-origin requests from specified origins.

python
import os
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from openai import OpenAI

app = FastAPI()

# Configure CORS
origins = [
    "http://localhost",
    "http://localhost:3000",
    "https://your-frontend-domain.com"
]

app.add_middleware(
    CORSMiddleware,
    allow_origins=origins,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"]
)

client = OpenAI(api_key=os.environ["OPENAI_API_KEY"])

@app.post("/generate")
async def generate_text(prompt: str):
    response = client.chat.completions.create(
        model="gpt-4o",
        messages=[{"role": "user", "content": prompt}]
    )
    return {"response": response.choices[0].message.content}

# To run: uvicorn filename:app --reload

Common variations

You can configure CORS to allow all origins by setting allow_origins=["*"], but this is not recommended for production. For async streaming responses, keep the same CORS setup. To use a different model, change the model parameter in the OpenAI client call.

python
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],  # Allow all origins (use with caution)
    allow_credentials=True,
    allow_methods=["GET", "POST"],
    allow_headers=["*"]
)

# Example with a different model
response = client.chat.completions.create(
    model="gpt-4.1-mini",
    messages=[{"role": "user", "content": prompt}]
)

Troubleshooting

  • If you get CORS errors in the browser, verify the allow_origins list includes the frontend URL exactly.
  • If the API key is missing or invalid, the OpenAI client will raise an authentication error.
  • Ensure uvicorn is running and the endpoint URL matches your frontend requests.

Key Takeaways

  • Use FastAPI's CORSMiddleware to enable cross-origin requests securely.
  • Specify allowed origins explicitly to avoid security risks.
  • Keep your OpenAI API key in environment variables for safety.
  • Adjust CORS settings based on your frontend deployment domain.
  • Test CORS behavior locally before deploying to production.
Verified 2026-04 · gpt-4o, gpt-4.1-mini
Verify ↗

People also ask

🛠 How to build chatbot with FastAPI AI Chatbots 🛠 FastAPI StreamingResponse for LLM ai-streaming 🐛 How to handle Claude stream in FastAPI ai-streaming 🛠 How to stream LLM responses with FastAPI ai-streaming 🛠 How to use Server-Sent Events with FastAPI ai-streaming

Up next

🛠 How to add health check to FastAPI LLM app 🛠 How to add logging middleware to FastAPI LLM app 🐛 How to add rate limiting to FastAPI LLM endpoint 🛠 How to add request caching to FastAPI LLM endpoint

More in Guides

🛠 FastAPI LLM app monitoring best practices 🛠 FastAPI LLM app production checklist 🛠 How to accept file uploads for LLM in FastAPI 🛠 How to add authentication to FastAPI LLM endpoint