[GH-ISSUE #669] Allow customizing allowed headers in CORS settings #300

Closed
opened 2026-04-12 09:50:35 -05:00 by GiteaMirror · 21 comments

Originally created by @spaceemotion on GitHub (Oct 1, 2023).
Original GitHub issue: https://github.com/ollama/ollama/issues/669

Based on some additional research on an issue I have (https://github.com/jmorganca/ollama/issues/300#issuecomment-1742099347), I am getting the following error in Chrome/Firefox:

> Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:11434/api/tags. (Reason: header ‘baggage’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).

(see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowHeaderFromPreflight for details)

It would be helpful to allow all headers (if possible?) as I am able to call the API via tools like curl, Postman, etc., but not using `fetch()` from a webpage. This does not need to be the default; an env variable like `OLLAMA_HOST` and such works for me.


@spaceemotion commented on GitHub (Oct 8, 2023):

Quick update: I found a middleware that intercepted the fetch calls to add custom headers. Blocking the middleware for requests to Ollama did the trick. However, it would still be nice to be able to control this natively.


@jmorganca commented on GitHub (Oct 28, 2023):

Hi @spaceemotion, `OLLAMA_ORIGINS` is available as an environment variable you can set: https://github.com/jmorganca/ollama/blob/main/docs/faq.md#how-can-i-allow-additional-web-origins-to-access-ollama

Hope this helps! Sorry for taking a while to respond.


@do-me commented on GitHub (Mar 6, 2024):

Did anyone find a solution to make this work on Firefox as well? I'm not sure whether it's missing user agent headers or whether it's an HTTP to HTTPS connection problem.

I currently run:

- on Windows PowerShell: `$env:OLLAMA_ORIGINS="https://do-me.github.io"; ollama serve`
- on Ubuntu: `OLLAMA_ORIGINS="https://do-me.github.io" ollama serve`

This works on Chromium (like Chrome and Edge) but not FF. FF gives me a link to [this](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowHeaderFromPreflight?utm_source=devtools&utm_medium=firefox-cors-errors&utm_campaign=default) and the logs show a 204 error.

`[GIN] 2024/03/06 - 13:16:24 | 204 | 0s | 127.0.0.1 | OPTIONS "/api/chat"`

Background: I want to make the [Ollama SemanticFinder integration work in FF too](https://www.reddit.com/r/ollama/comments/1b79c23/inbrowser_rag_feeding_ollama/).


@osfa commented on GitHub (Mar 14, 2024):

`Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:11434/api/chat. (Reason: header ‘user-agent’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).`

Same issue. I also have the same issue in Safari, but it works in Chrome. Missing user agent headers is the issue, I think?


@do-me commented on GitHub (Mar 14, 2024):

The issue is precisely this, right. I suppose one could just route everything over a proxy like https://corsproxy.io/ but I'd prefer a clean solution not relying on a third-party service.


@Anivie commented on GitHub (Mar 30, 2024):

I get the same error even when I run with Chrome. Is there any way to solve this error with `Access-Control-Allow-Headers`?


@Kmfernan5 commented on GitHub (Apr 26, 2024):

same here


@Yash-1511 commented on GitHub (May 2, 2024):

same issue! please resolve this issue


@ewantindale commented on GitHub (May 3, 2024):

> Hi @spaceemotion, `OLLAMA_ORIGINS` is available as an environment variable you can set: https://github.com/jmorganca/ollama/blob/main/docs/faq.md#how-can-i-allow-additional-web-origins-to-access-ollama
>
> Hope this helps! Sorry for taking awhile to respond.

I followed the steps here for Linux but I am still getting this error in Chrome:

`Access to fetch at 'http://localhost:11434/v1/chat/completions' from origin 'http://localhost:5173' has been blocked by CORS policy: Request header field x-stainless-os is not allowed by Access-Control-Allow-Headers in preflight response.`


@spaceemotion commented on GitHub (May 3, 2024):

@ewantindale the `x-stainless` headers are from the OpenAI SDK, you have to replace how it handles headers internally as a workaround:

```ts
class NoStainlessOpenAI extends OpenAI {
  defaultHeaders(opts: FinalRequestOptions) {
    return {
      Accept: 'application/json',
      'Content-Type': 'application/json',
      ...this.authHeaders(opts),
    };
  }
}
```

@ewantindale commented on GitHub (May 3, 2024):

> @ewantindale the `x-stainless` headers are from the OpenAI SDK, you have to replace how it handles headers internally as a workaround:
>
> ```ts
> class NoStainlessOpenAI extends OpenAI {
>   defaultHeaders(opts: FinalRequestOptions) {
>     return {
>       Accept: 'application/json',
>       'Content-Type': 'application/json',
>       ...this.authHeaders(opts),
>     };
>   }
> }
> ```

Thanks, fixed that issue but now I get

`Access to fetch at 'http://localhost:11434/v1/chat/completions' from origin 'http://localhost:5173' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.`

I am following the instructions here: https://github.com/ollama/ollama/blob/main/docs/openai.md


@spaceemotion commented on GitHub (May 3, 2024):

@ewantindale you can just remove this line from the extended class:

```ts
      ...this.authHeaders(opts),
```

@j2l commented on GitHub (May 4, 2024):

Same issue on FF on ubuntu, but working with Chromium.
I'd love to use this on FF.


@LoopControl commented on GitHub (May 7, 2024):

Same issue here. User agent header should be allowed in CORS for Ollama.

Without it, it makes the CORS support basically useless in Ollama since almost every client sends a user-agent header.


@mholtzhausen commented on GitHub (May 7, 2024):

Same issue -- I can't use a very useful web-based chatui with ollama running locally because the webui sets the authorization header, and ollama won't allow it -- why not?


@whinc commented on GitHub (Jan 20, 2025):

Alternative solution: start an nginx server as a proxy to the Ollama server; then you can configure CORS in nginx, leaving the Ollama server untouched.

Request chain: browser -> nginx proxy -> ollama server

nginx conf:

```
server {
    listen 8080;
    server_name <your_domain>;

    location /api {
        # keep host same as ollama server to avoid cors
        proxy_set_header Host '127.0.0.1';
        # hide origin to avoid ollama server response 403
        proxy_set_header Origin '';

        # $cors_origin is not a built-in nginx variable; define it (for example
        # with a map on $http_origin in the http block) before using this config
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' "$cors_origin";
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, x-requested-with';
            # uncomment if your request includes credentials
            #add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        if ($cors_origin) {
            add_header 'Access-Control-Allow-Origin' "$cors_origin";
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, x-requested-with';
            #add_header 'Access-Control-Allow-Credentials' 'true';
        }
        proxy_pass http://localhost:11434;
    }
}
```


@mmar58 commented on GitHub (Jan 26, 2025):

Hi, I found a solution. We can use a Node.js middleman that receives the prompt through the API and sends the Ollama stream response.
I created a Node project, https://github.com/mmar58/Ollama-Global-API, for this reason. You guys can also try it. It allows you to access Ollama through any network on any device through the API.


@whinc commented on GitHub (Feb 6, 2025):

> Alternative solution: start an nginx server as a proxy to the Ollama server; then you can configure CORS in nginx, leaving the Ollama server untouched.
>
> Request chain: browser -> nginx proxy -> ollama server
>
> nginx conf:
>
> ```
> server {
>     listen 8080;
>     server_name <your_domain>;
>
>     location /api {
>         # keep host same as ollama server to avoid cors
>         proxy_set_header Host '127.0.0.1';
>         # hide origin to avoid ollama server response 403
>         proxy_set_header Origin '';
>
>         # $cors_origin is not a built-in nginx variable; define it (for example
>         # with a map on $http_origin in the http block) before using this config
>         if ($request_method = 'OPTIONS') {
>             add_header 'Access-Control-Allow-Origin' "$cors_origin";
>             add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
>             add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, x-requested-with';
>             # uncomment if your request includes credentials
>             #add_header 'Access-Control-Allow-Credentials' 'true';
>             add_header 'Access-Control-Max-Age' 1728000;
>             add_header 'Content-Type' 'text/plain; charset=UTF-8';
>             add_header 'Content-Length' 0;
>             return 204;
>         }
>
>         if ($cors_origin) {
>             add_header 'Access-Control-Allow-Origin' "$cors_origin";
>             add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
>             add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, x-requested-with';
>             #add_header 'Access-Control-Allow-Credentials' 'true';
>         }
>         proxy_pass http://localhost:11434;
>     }
> }
> ```

Oh my! It turns out that `ollama serve` natively supports setting cross-origin configuration, you just need to set an environment variable.

```bash
$ollama serve --help
......
Environment Variables:                                                         [0/1195]
      OLLAMA_DEBUG               Show additional debug information (e.g. OLLAMA_DEBUG=1)
      OLLAMA_HOST                IP Address for the ollama server (default 127.0.0.1:11434)
      OLLAMA_KEEP_ALIVE          The duration that models stay loaded in memory (default "5m")
      OLLAMA_MAX_LOADED_MODELS   Maximum number of loaded models per GPU
      OLLAMA_MAX_QUEUE           Maximum number of queued requests
      OLLAMA_MODELS              The path to the models directory
      OLLAMA_NUM_PARALLEL        Maximum number of parallel requests
      OLLAMA_NOPRUNE             Do not prune model blobs on startup
      OLLAMA_ORIGINS             A comma separated list of allowed origins   👈 👈 👈
      OLLAMA_SCHED_SPREAD        Always schedule model across all GPUs

      OLLAMA_FLASH_ATTENTION     Enabled flash attention
      OLLAMA_KV_CACHE_TYPE       Quantization type for the K/V cache (default: f16)
      OLLAMA_LLM_LIBRARY         Set LLM library to bypass autodetection
      OLLAMA_GPU_OVERHEAD        Reserve a portion of VRAM per GPU (bytes)
      OLLAMA_LOAD_TIMEOUT        How long to allow model loads to stall before giving up (default "5m")
```

@LoopControl commented on GitHub (Feb 6, 2025):

> Oh my! It turns out that `ollama serve` natively supports setting cross-origin configuration, you just need to set an environment variable.

If you read the above replies, you can see that was already mentioned but even with that environment variable enabled, ollama still denies some headers which is the issue.


@whinc commented on GitHub (Feb 6, 2025):

> > Oh my! It turns out that `ollama serve` natively supports setting cross-origin configuration, you just need to set an environment variable.
>
> If you read the above replies, you can see that was already mentioned but even with that environment variable enabled, ollama still denies some headers which is the issue.

Oh, yes. Ollama can only set the "origin", and currently does not support setting other "access-control-*" headers. It still needs to rely on Nginx or other proxy services to achieve this.


@z4none commented on GitHub (Feb 18, 2025):

First set the `OLLAMA_ORIGINS` environment variable when starting the ollama process, for example:

```
OLLAMA_ORIGINS=http://*
```

then in js:

```js
import OpenAI from 'openai';

const client = new OpenAI({
  apiKey: 'ollama',
  baseURL: 'http://localhost:11434/v1',
  dangerouslyAllowBrowser: true,
  defaultHeaders: {
    'x-stainless-retry-count': null,
    'x-stainless-timeout': null,
  },
});
```
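
As an added example (not code from the thread or from the Ollama project), the sketch below models the header step of a browser's CORS preflight check and runs it against constructed requests carrying the headers named in the errors above, using the `Access-Control-Allow-Headers` value from the nginx configuration posted in the thread. Function names and sample header values are assumptions made for illustration.

```javascript
// Added example: header step of the CORS preflight check (Fetch Standard).
// Simplification (assumption): byte/length limits on safelisted header values
// and the `range` header are not modelled.
const ALWAYS_SAFE = new Set(['accept', 'accept-language', 'content-language']);
const SAFE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
]);

// Names the browser would send in Access-Control-Request-Headers.
function unsafeHeaderNames(requestHeaders) {
  const names = [];
  for (const [rawName, value] of Object.entries(requestHeaders)) {
    const name = rawName.toLowerCase();
    if (ALWAYS_SAFE.has(name)) continue;
    if (name === 'content-type') {
      // Content-Type is safelisted only for the three "simple" media types.
      const essence = String(value).split(';')[0].trim().toLowerCase();
      if (SAFE_CONTENT_TYPES.has(essence)) continue;
    }
    names.push(name);
  }
  return names.sort();
}

// Parse an Access-Control-Allow-Headers value into a set of lowercase names.
function parseAllowHeaders(value) {
  return new Set(
    String(value || '').split(',').map((h) => h.trim().toLowerCase()).filter(Boolean),
  );
}

// Request headers that the preflight response does not permit.
function blockedHeaders(requestHeaders, allowHeadersValue, { credentials = false } = {}) {
  const allowed = parseAllowHeaders(allowHeadersValue);
  // "*" is a wildcard only for requests without credentials, and it never
  // covers Authorization, which must always be listed by name.
  const wildcard = allowed.has('*') && !credentials;
  return unsafeHeaderNames(requestHeaders).filter((name) => {
    if (allowed.has(name)) return false;
    if (name === 'authorization') return true;
    return !wildcard;
  });
}

// Smallest explicit allow-list that satisfies a set of observed requests.
function minimalAllowList(requests) {
  const needed = new Set();
  for (const headers of requests) {
    for (const name of unsafeHeaderNames(headers)) needed.add(name);
  }
  return [...needed].sort().join(', ');
}

// Constructed requests carrying the headers named in the thread's errors.
const THREAD_REQUESTS = {
  tracing: { Accept: 'application/json', baggage: 'k=v' },
  firefox: { 'Content-Type': 'application/json', 'User-Agent': 'example-client' },
  openaiSdk: {
    'Content-Type': 'application/json',
    'x-stainless-os': 'Linux',
    Authorization: 'Bearer ollama',
  },
};
// Allow-list taken from the nginx configuration posted in the thread.
const NGINX_ALLOW = 'Origin, Content-Type, Accept, Authorization, x-requested-with';

for (const [label, headers] of Object.entries(THREAD_REQUESTS)) {
  console.log(label, 'blocked:', blockedHeaders(headers, NGINX_ALLOW));
}
console.log('minimal list:', minimalAllowList(Object.values(THREAD_REQUESTS)));
```

With that allow-list, `baggage`, `user-agent` and `x-stainless-os` are still rejected. A `*` value would admit them only for requests without credentials and would still require `Authorization` to be listed by name.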