{"id":8620,"library":"sanic-cors","title":"Sanic-CORS","description":"Sanic-CORS is a Sanic extension that provides Cross-Origin Resource Sharing (CORS) support, primarily through a decorator. It is based on the popular Flask-CORS library. The current version is 2.2.0, with a release cadence that aligns with critical Sanic updates and bug fixes, typically every few months for major Sanic version compatibility.","status":"active","version":"2.2.0","language":"en","source_language":"en","source_url":"https://github.com/ashleysommer/sanic-cors","tags":["sanic","cors","web","api","middleware"],"install":[{"cmd":"pip install sanic-cors","lang":"bash","label":"Install Sanic-CORS"}],"dependencies":[{"reason":"Core web framework integration","package":"sanic","optional":false},{"reason":"Compatibility for specific versions (>=22.6.0 required sanic-cors 2.1.0+)","package":"sanic-ext","optional":true},{"reason":"Replaced distutils for version parsing since 2.1.0","package":"packaging","optional":false}],"imports":[{"symbol":"CORS","correct":"from sanic_cors import CORS"},{"symbol":"cross_origin","correct":"from sanic_cors import cross_origin"}],"quickstart":{"code":"from sanic import Sanic, response\nfrom sanic_cors import CORS, cross_origin\nimport os\n\napp = Sanic(__name__)\n\n# Enable CORS for the entire application (or specify options)\nCORS(app, origins=\"*\", allow_headers=\"*\", expose_headers=\"*\", automatic_options=True)\n\n@app.route(\"/\", methods=[\"GET\"])\n@cross_origin(origins=os.environ.get('ALLOWED_ORIGIN', '*')) # Decorator for specific route\nasync def hello_world(request):\n    return response.json({\"message\": \"Hello from Sanic-CORS!\"})\n\n@app.route(\"/data\", methods=[\"GET\", \"POST\"])\n# cross_origin() can be omitted if CORS(app) handles it globally\nasync def get_data(request):\n    if request.method == \"GET\":\n        return response.json({\"data\": \"Some public data\"})\n    elif request.method == \"POST\":\n        return response.json({\"status\": \"Data received\"})\n\nif __name__ == \"__main__\":\n    app.run(host=\"0.0.0.0\", port=8000)","lang":"python","description":"This quickstart demonstrates how to enable CORS globally for a Sanic application using `CORS(app)` and how to apply it to individual routes using the `@cross_origin()` decorator. It sets up a basic Sanic app with two routes and ensures CORS headers are correctly handled for preflight OPTIONS requests and actual data requests."},"warnings":[{"fix":"Migrate your application to Sanic v21.12+ and update your Sanic-CORS usage to the direct API provided in v2.0.0, removing SPTK/SPF related configurations.","message":"Sanic-CORS v2.0.0 removed compatibility with Sanic-Plugin-Toolkit (SPTK) and Sanic-Plugins-Framework (SPF). Code relying on these prior integration methods will break.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"For Sanic versions <= 21.3, you must use the Sanic-CORS `0.10.x` branch (e.g., `pip install sanic-cors==0.10.0.post3`). Otherwise, upgrade Sanic to v21.3 or newer.","message":"Sanic-CORS v1.0.0 dropped support for Sanic versions older than 21.3. Attempting to use v1.0.0+ with older Sanic versions will lead to incompatibilities.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Always check the Sanic-CORS release notes for specific compatibility updates before upgrading Sanic or Sanic-Ext. Ensure you're on the latest compatible version of Sanic-CORS.","message":"Compatibility issues can arise with specific Sanic and Sanic-Ext versions due to changes in middleware handling or internal APIs. For example, Sanic-CORS 2.2.0 was needed for Sanic v22.9.0, and 2.1.0 for Sanic-Ext v22.6.0+.","severity":"gotcha","affected_versions":"All versions, specific to Sanic/Sanic-Ext releases"},{"fix":"Upgrade to Sanic-CORS v2.2.0 or newer to ensure `Vary 'Origin'` is correctly appended to any existing `Vary` header string.","message":"The `Vary` header behavior was improved in v2.2.0. Previously, `Vary 'Origin'` might overwrite existing `Vary` headers on a response, leading to unexpected caching behavior.","severity":"gotcha","affected_versions":"<2.2.0"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Ensure `CORS(app)` is called at the application level before routes are registered, or that `@cross_origin()` is applied to the specific route handler. Verify the `origins` parameter in `CORS()` or `@cross_origin()` allows the client's origin (e.g., `origins=\"*\"` for development, or a specific domain).","cause":"The CORS headers are not being sent by the Sanic server, often due to misconfiguration or `sanic-cors` not being applied to the specific route or application.","error":"No 'Access-Control-Allow-Origin' header is present on the requested resource."},{"fix":"Ensure `automatic_options=True` is passed to `CORS(app)` or `@cross_origin()`. This is often the default, but explicitly setting it can resolve issues. Also, ensure `CORS(app)` is called before any blueprints or routes that require CORS are registered, to allow the middleware to activate correctly.","cause":"Sanic is not correctly handling the CORS preflight OPTIONS request, indicating `sanic-cors` is not intercepting or correctly processing it.","error":"405 Method Not Allowed (for OPTIONS requests)"},{"fix":"This often points to a Sanic version incompatibility. Upgrade Sanic to a more recent version (e.g., Sanic 19.9+ or 21.3+). If upgrading Sanic is not feasible, you might need to use an older compatible `sanic-cors` version (e.g., `0.10.x` for Sanic <= 21.3).","cause":"This error can occur in older Sanic versions or specific setups where `sanic-cors` expects `request.ctx` but it's not available in the request context.","error":"AttributeError: 'Request' object has no attribute 'ctx'"}]}