github-starred/ollama
2
0
Fork 0
mirror of https://github.com/ollama/ollama.git synced 2026-05-07 00:22:43 -05:00
Code Issues 14.5k Packages Projects Releases 120 Wiki Activity

[GH-ISSUE #300] Provide a way to allow connections to Ollama from web browser origins other than localhost and 0.0.0.0 #62172

New Issue
Closed
opened 2026-05-03 07:44:19 -05:00 by GiteaMirror · 14 comments
GiteaMirror commented 2026-05-03 07:44:19 -05:00
Owner
Copy Link

Originally created by @jmorganca on GitHub (Aug 6, 2023).
Original GitHub issue: https://github.com/ollama/ollama/issues/300

Currently, Ollama has CORS rules that allow pages hosted on localhost to connect to localhost:11434. #282 adds support for 0.0.0.0, but some hosted web pages want to leverage a local running Ollama.

Simply opening up CORS to all origins wouldn't be secure: any website could call the API by simply browsing to it. However, we should consider adding a way for users to "approve" of an origin using their local Ollama instance, similar to deep links on iOS and macOS

Originally created by @jmorganca on GitHub (Aug 6, 2023). Original GitHub issue: https://github.com/ollama/ollama/issues/300 Currently, Ollama has CORS rules that allow pages hosted on `localhost` to connect to `localhost:11434`. #282 adds support for `0.0.0.0`, but some hosted web pages want to leverage a local running Ollama. Simply opening up CORS to all origins wouldn't be secure: any website could call the API by simply browsing to it. However, we should consider adding a way for users to "approve" of an origin using their local Ollama instance, similar to [deep links](https://developer.apple.com/documentation/xcode/allowing-apps-and-websites-to-link-to-your-content) on iOS and macOS
GiteaMirror added the feature request label 2026-05-03 07:44:19 -05:00
GiteaMirror commented 2026-05-03 07:44:22 -05:00
Author
Owner
Copy Link

@ba1uev commented on GitHub (Aug 6, 2023):

I would like to suggest the following implementation:

  1. Add new origin command
ollama origin add https://example.com
ollama origin remove https://example.com
ollama origin list
  1. Save the specified origins in the ~/.ollama/origins file
  2. During each server launch, merge the default AllowOrigins list with the list of trusted origins from the ~/.ollama/origins file

Let me know what you think

<!-- gh-comment-id:1666974052 --> @ba1uev commented on GitHub (Aug 6, 2023): I would like to suggest the following implementation: 1. Add new `origin` command ``` ollama origin add https://example.com ollama origin remove https://example.com ollama origin list ``` 2. Save the specified origins in the `~/.ollama/origins` file 3. During each server launch, merge the default [`AllowOrigins`](https://github.com/jmorganca/ollama/blob/06fc48ad6667872ee85f2f504703f44761bf0090/server/routes.go#L308C1-L308C1) list with the list of trusted origins from the `~/.ollama/origins` file Let me know what you think
GiteaMirror commented 2026-05-03 07:44:22 -05:00
Author
Owner
Copy Link

@cmiller01 commented on GitHub (Aug 7, 2023):

I think I could pick this up, perhaps passing some flags to the serve command would work nicely and then no need to deal with additional config.

For example:

serveCmd.Flags().StringP("port", "p", "11434", "Port to listen on, may also use OLLAMA_PORT environment variable")
serveCmd.Flags().StringP("host", "h", "127.0.0.1", "Host listen address, may also use OLLAMA_HOST environment variable")
serveCmd.Flags().StringSlice("allowed-origins", "", "Additional allowed CORS origins (outside of localhost)")

I added port and host too, I think it's nice to have available to set here since these all deal with server params, but fine to remove too.

<!-- gh-comment-id:1667103494 --> @cmiller01 commented on GitHub (Aug 7, 2023): I think I could pick this up, perhaps passing some flags to the `serve` command would work nicely and then no need to deal with additional config. For example: ```go serveCmd.Flags().StringP("port", "p", "11434", "Port to listen on, may also use OLLAMA_PORT environment variable") serveCmd.Flags().StringP("host", "h", "127.0.0.1", "Host listen address, may also use OLLAMA_HOST environment variable") serveCmd.Flags().StringSlice("allowed-origins", "", "Additional allowed CORS origins (outside of localhost)") ``` I added port and host too, I think it's nice to have available to set here since these all deal with server params, but fine to remove too.
GiteaMirror commented 2026-05-03 07:44:22 -05:00
Author
Owner
Copy Link

@ba1uev commented on GitHub (Aug 7, 2023):

@cmiller01 how about the idea of persistently storing a custom allowed origins list? This way, running the server could still be as simple as starting the Electron app. I believe this would be much more convenient for third-party client users.

<!-- gh-comment-id:1667659216 --> @ba1uev commented on GitHub (Aug 7, 2023): @cmiller01 how about the idea of persistently storing a custom allowed origins list? This way, running the server could still be as simple as starting the Electron app. I believe this would be much more convenient for third-party client users.
GiteaMirror commented 2026-05-03 07:44:23 -05:00
Author
Owner
Copy Link

@cmiller01 commented on GitHub (Aug 7, 2023):

@cmiller01 how about the idea of persistently storing a custom allowed origins list? This way, running the server could still be as simple as starting the Electron app. I believe this would be much more convenient for third-party client users.

Yep, I think having this be stored in config makes sense too, I didn't see any "serve" configuration (might have missed) so I went with command-line flags, but they're not mutually exclusive.

I've used Viper in the past which makes config/flags/environment variables all work together nicely, but was keeping the scope of the changes smaller at first.

<!-- gh-comment-id:1668394876 --> @cmiller01 commented on GitHub (Aug 7, 2023): > @cmiller01 how about the idea of persistently storing a custom allowed origins list? This way, running the server could still be as simple as starting the Electron app. I believe this would be much more convenient for third-party client users. Yep, I think having this be stored in config makes sense too, I didn't see any "serve" configuration (might have missed) so I went with command-line flags, but they're not mutually exclusive. I've used [Viper](https://github.com/spf13/viper) in the past which makes config/flags/environment variables all work together nicely, but was keeping the scope of the changes smaller at first.
GiteaMirror commented 2026-05-03 07:44:24 -05:00
Author
Owner
Copy Link

@welniak commented on GitHub (Aug 20, 2023):

Hey, I am trying to specify the origin using the --allowed-origins flag, as described in this PR https://github.com/jmorganca/ollama/pull/301, however, it doesn't seem to work for me- I get back Error: unknown flag: --allowed-origins. The same happens when I try to specify the port using a flag. I am using the 0.0.15 version of ollama

<!-- gh-comment-id:1685255522 --> @welniak commented on GitHub (Aug 20, 2023): Hey, I am trying to specify the origin using the `--allowed-origins` flag, as described in this PR https://github.com/jmorganca/ollama/pull/301, however, it doesn't seem to work for me- I get back `Error: unknown flag: --allowed-origins`. The same happens when I try to specify the port using a flag. I am using the 0.0.15 version of ollama
GiteaMirror commented 2026-05-03 07:44:25 -05:00
Author
Owner
Copy Link

@cmiller01 commented on GitHub (Aug 20, 2023):

It looks like the flag got changed to --origins if you do ollama serve --help I think it should show the list of flags available

<!-- gh-comment-id:1685303795 --> @cmiller01 commented on GitHub (Aug 20, 2023): It looks like the flag got changed to `--origins` if you do `ollama serve --help` I think it should show the list of flags available
GiteaMirror commented 2026-05-03 07:44:26 -05:00
Author
Owner
Copy Link

@welniak commented on GitHub (Aug 21, 2023):

Thanks for the response. Unfortunately, the --origins flag gives me the same error: Error: unknown flag: --origins. ollama serve --help only lists the --help flag:

ollama serve --help
Start ollama

Usage:
  ollama serve [flags]

Aliases:
  serve, start

Flags:
  -h, --help   help for serve
<!-- gh-comment-id:1686140530 --> @welniak commented on GitHub (Aug 21, 2023): Thanks for the response. Unfortunately, the `--origins` flag gives me the same error: `Error: unknown flag: --origins`. `ollama serve --help` only lists the `--help` flag: ``` ollama serve --help Start ollama Usage: ollama serve [flags] Aliases: serve, start Flags: -h, --help help for serve ```
GiteaMirror commented 2026-05-03 07:44:28 -05:00
Author
Owner
Copy Link

@cmiller01 commented on GitHub (Aug 22, 2023):

@welniak looks like it's all environment variables now: e3054fc74e/cmd/cmd.go (L571) so setting OLLAMA_ORIGINS seems like it would work

<!-- gh-comment-id:1687391802 --> @cmiller01 commented on GitHub (Aug 22, 2023): @welniak looks like it's all environment variables now: https://github.com/jmorganca/ollama/blob/e3054fc74e2101de8416976c2dd63e2796081061/cmd/cmd.go#L571 so setting `OLLAMA_ORIGINS` seems like it would work
GiteaMirror commented 2026-05-03 07:44:29 -05:00
Author
Owner
Copy Link

@welniak commented on GitHub (Aug 22, 2023):

Thank you @cmiller01 , that worked!

<!-- gh-comment-id:1687812525 --> @welniak commented on GitHub (Aug 22, 2023): Thank you @cmiller01 , that worked!
GiteaMirror commented 2026-05-03 07:44:31 -05:00
Author
Owner
Copy Link

@jmorganca commented on GitHub (Aug 27, 2023):

Yes OLLAMA_ORIGINS=http://my.origin.net,http://192.168.1.0:* ollama serve will work for running the Ollama server with additional allowed origins.

Related: https://github.com/jmorganca/ollama/issues/433

<!-- gh-comment-id:1694761339 --> @jmorganca commented on GitHub (Aug 27, 2023): Yes `OLLAMA_ORIGINS=http://my.origin.net,http://192.168.1.0:* ollama serve` will work for running the Ollama server with additional allowed origins. Related: https://github.com/jmorganca/ollama/issues/433
GiteaMirror commented 2026-05-03 07:44:32 -05:00
Author
Owner
Copy Link

@spaceemotion commented on GitHub (Oct 1, 2023):

I don't know what I am doing wrong, but the following does not quite work:

I have the server running as follows:

OLLAMA_HOST=0.0.0.0 OLLAMA_ORIGINS=https://app.myapp.com ollama serve

When i try to call /api/tags the browser sends an OPTIONS request (as expected) and returns the following:

HTTP/1.1 204 No Content
Access-Control-Allow-Headers: Origin,Content-Length,Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS
Access-Control-Allow-Origin: https://app.myapp.com
Access-Control-Max-Age: 43200
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Date: Sun, 01 Oct 2023 13:42:21 GMT

However, the actual GET request still fails in chrome, and just errors out (without any explanation from the server).
The Ollama console shows two requests (due to my JS retrying after the first fail), but no GET requests:

[GIN] 2023/10/01 - 15:51:49 | 204 |       16.78µs |             ::1 | OPTIONS  "/api/tags"
[GIN] 2023/10/01 - 15:51:49 | 204 |        6.64µs |             ::1 | OPTIONS  "/api/tags"
<!-- gh-comment-id:1742099347 --> @spaceemotion commented on GitHub (Oct 1, 2023): I don't know what I am doing wrong, but the following does not quite work: I have the server running as follows: ```bash OLLAMA_HOST=0.0.0.0 OLLAMA_ORIGINS=https://app.myapp.com ollama serve ``` When i try to call `/api/tags` the browser sends an `OPTIONS` request (as expected) and returns the following: ``` HTTP/1.1 204 No Content Access-Control-Allow-Headers: Origin,Content-Length,Content-Type Access-Control-Allow-Methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS Access-Control-Allow-Origin: https://app.myapp.com Access-Control-Max-Age: 43200 Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Date: Sun, 01 Oct 2023 13:42:21 GMT ``` However, the actual GET request still fails in chrome, and just errors out (without any explanation from the server). The Ollama console shows two requests (due to my JS retrying after the first fail), but no GET requests: ``` [GIN] 2023/10/01 - 15:51:49 | 204 | 16.78µs | ::1 | OPTIONS "/api/tags" [GIN] 2023/10/01 - 15:51:49 | 204 | 6.64µs | ::1 | OPTIONS "/api/tags" ```
GiteaMirror commented 2026-05-03 07:44:33 -05:00
Author
Owner
Copy Link

@WasamiKirua commented on GitHub (Oct 23, 2023):

If you have the ollama service set to start at boot (I am on linux), you could modify the /etc/systemd/system/ollama.service as follow:

ExecStart=/bin/sh -c 'export OLLAMA_HOST=0.0.0.0; exec /usr/local/bin/ollama serve'

remember to run: $sudo systemctl daemon-reload
and after: $sudo systemctl restart ollama.service

<!-- gh-comment-id:1775114437 --> @WasamiKirua commented on GitHub (Oct 23, 2023): If you have the ollama service set to start at boot (I am on linux), you could modify the /etc/systemd/system/ollama.service as follow: ExecStart=/bin/sh -c 'export OLLAMA_HOST=0.0.0.0; exec /usr/local/bin/ollama serve' remember to run: $sudo systemctl daemon-reload and after: $sudo systemctl restart ollama.service
GiteaMirror commented 2026-05-03 07:44:35 -05:00
Author
Owner
Copy Link

@sandangel commented on GitHub (Nov 25, 2023):

Hi, is it possible to have a config file so macos app will also work?

<!-- gh-comment-id:1826434144 --> @sandangel commented on GitHub (Nov 25, 2023): Hi, is it possible to have a config file so macos app will also work?
GiteaMirror commented 2026-05-03 07:44:36 -05:00
Author
Owner
Copy Link

@BobochD-Brew commented on GitHub (Jan 29, 2025):

Hey,

@jmorganca initially proposed:
"we should consider adding a way for users to "approve" of an origin using their local Ollama instance"

that would be nice, is there any updates on this? I think ollama is used a lot by non devs and doing that for every domain is tedious

<!-- gh-comment-id:2621807010 --> @BobochD-Brew commented on GitHub (Jan 29, 2025): Hey, @jmorganca initially proposed: "we should consider adding a way for users to "approve" of an origin using their local Ollama instance" that would be nice, is there any updates on this? I think ollama is used a lot by non devs and doing that for every domain is tedious
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
amd
api
app
bug
build
cli
cloud
compatibility
context-length
create
docker
documentation
embeddings
feature request
feedback wanted
good first issue
gpt-oss
gpu
harmony
help wanted
image
install
intel
js
launch
linux
macos
memory
mlx
model
needs more info
networking
nvidia
ollama.com
performance
pull-request
Mirrored from GitHub Pull Request
 python
question
registry
rendering
thinking
tools
top
vulkan
windows
wsl
No Label feature request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/ollama#62172
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?