{"library":"aiohttp-cors","title":"aiohttp-cors","description":"aiohttp-cors provides Cross-Origin Resource Sharing (CORS) support for aiohttp, the asynchronous HTTP client/server framework for Python. It integrates seamlessly with aiohttp applications, enabling configuration of CORS policies for routes and resources. The library is actively maintained, with version 0.8.1 being the latest stable release, and typically follows the development of aiohttp, requiring Python 3.9+.","status":"active","version":"0.8.1","language":"en","source_language":"en","source_url":"https://github.com/aio-libs/aiohttp-cors","tags":["aiohttp","web","cors","http","async"],"install":[{"cmd":"pip install aiohttp-cors","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Core dependency for aiohttp web applications, tightly coupled for version compatibility.","package":"aiohttp","optional":false}],"imports":[{"note":"The primary functions `setup` and `add` are typically accessed directly from the imported `aiohttp_cors` module.","wrong":"from aiohttp_cors import setup","symbol":"aiohttp_cors","correct":"import aiohttp_cors"},{"note":"Used for enabling CORS on aiohttp.web.View classes.","symbol":"CorsViewMixin","correct":"from aiohttp_cors import CorsViewMixin"}],"quickstart":{"code":"import aiohttp_cors\nfrom aiohttp import web\n\nasync def handler(request):\n    return web.Response(text=\"Hello from CORS-enabled endpoint!\")\n\nasync def main():\n    app = web.Application()\n\n    # Setup CORS for all origins, allowing all headers and methods\n    cors = aiohttp_cors.setup(app, defaults={\n        \"*\": aiohttp_cors.ResourceOptions(\n            allow_credentials=True,\n            expose_headers=\"*\",\n            allow_headers=\"*\",\n            allow_methods=\"*\"\n        )\n    })\n\n    # Add a route and enable CORS for it\n    resource = cors.add(app.router.add_resource(\"/hello\"))\n    resource.add_route(\"GET\", handler)\n\n    # Alternatively, you can add CORS to existing routes directly\n    # For example, if you had:\n    # app.router.add_post(\"/data\", data_handler)\n    # cors.add(app.router.get(\"/data\"))\n\n    # To apply CORS to ALL existing routes:\n    # for route in list(app.router.routes()):\n    #     if not route.is_cors_enabled():\n    #         cors.add(route)\n\n    print(\"Server starting on http://localhost:8080\")\n    runner = web.AppRunner(app)\n    await runner.setup()\n    site = web.TCPSite(runner, 'localhost', 8080)\n    await site.start()\n    await asyncio.Event().wait() # Keep server running\n\nif __name__ == '__main__':\n    import asyncio\n    try:\n        asyncio.run(main())\n    except KeyboardInterrupt:\n        print(\"Server stopped.\")\n","lang":"python","description":"This quickstart sets up a basic aiohttp web application and applies a permissive CORS policy to a '/hello' endpoint, allowing requests from any origin. It demonstrates how to initialize CORS for the application and then apply it to specific routes or resources. It also shows a commented-out section for applying CORS to all routes programmatically."},"warnings":[{"fix":"Always check the `aiohttp-cors` `CHANGES.rst` or `setup.py` for precise `aiohttp` and `Python` version requirements when upgrading or setting up. Upgrade `aiohttp` and `Python` versions as needed.","message":"aiohttp-cors has strict compatibility requirements with `aiohttp` and `Python` versions. As of v0.8.0, it requires `aiohttp>=3.9` and `Python>=3.9`. Earlier versions of aiohttp-cors were compatible with older aiohttp and Python versions, but upgrading both libraries simultaneously is often necessary.","severity":"breaking","affected_versions":"<0.8.0"},{"fix":"After `aiohttp_cors.setup(app, defaults=...)`, you must use `cors.add(app.router.add_resource(...))` or `cors.add(route)` for individual routes. If you want to enable CORS for all existing routes, iterate over `app.router.routes()` and call `cors.add(route)` for each.","message":"CORS configuration must be explicitly applied to each route or resource you wish to expose. Simply initializing `aiohttp_cors.setup(app)` does not automatically enable CORS on all your application's routes.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Refactor `asyncio.coroutine` decorated functions to use `async def` syntax for better readability and alignment with modern Python best practices. For example, `@asyncio.coroutine def my_handler(...)` becomes `async def my_handler(...)`.","message":"The use of `asyncio.coroutine` decorators for handlers is deprecated in Python 3.5+ in favor of `async def` syntax. While `aiohttp-cors` itself supports this, ensure your application handlers use modern async/await syntax.","severity":"deprecated","affected_versions":"All versions (if using older Python syntax)"},{"fix":"Ensure your application is running on Python 3.5+ (preferably 3.9+ as per current requirements) and review any custom logic related to aiohttp views that might have been affected by the change to implicit type-based checking.","message":"In `aiohttp-cors` v0.7.0, the web view check became implicit and type-based, and support for Python 3.4 was disabled. If you were relying on explicit view checks or using Python 3.4, this will break your application.","severity":"breaking","affected_versions":"0.7.0 and later"}],"env_vars":null,"last_verified":"2026-04-05T00:00:00.000Z","next_check":"2026-07-04T00:00:00.000Z"}