Skip to content

runner: Do not allow CORS headers set by the inference engines #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
doringeman merged 1 commit into from
Jul 14, 2025
Merged

runner: Do not allow CORS headers set by the inference engines #107

doringeman merged 1 commit into from
Jul 14, 2025

Conversation

@doringeman
Copy link
Contributor

@doringeman doringeman commented Jul 14, 2025

@ilopezluna noticed that the CORS headers are also set by the underlying inference engine.

Notice that the Access-Control-Allow-Origin header is set even if the origin is not part of the allowed origins list, and duplicated if the origin is part of the allowed origins list.

Before:

$ DMR_ORIGINS=http://localhost:5555 MODEL_RUNNER_PORT=8080 make run
$ curl -X POST  -i 'http://localhost:8080/engines/v1/chat/completions' \
  -H 'Origin: http://localhost:5551' \
  --data-raw '{"model":"ai/smollm2","messages":[{"role":"user","content":"hello"}]}'
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:5551
Content-Length: 644
Content-Type: application/json; charset=utf-8
Server: dd-llama.cpp
Date: Mon, 14 Jul 2025 11:19:37 GMT
$ curl -X POST  -i 'http://localhost:8080/engines/v1/chat/completions' \
  -H 'Origin: http://localhost:5555' \
  --data-raw '{"model":"ai/smollm2","messages":[{"role":"user","content":"hello"}]}'
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:5555
Access-Control-Allow-Origin: http://localhost:5555
Content-Length: 658
Content-Type: application/json; charset=utf-8
Server: dd-llama.cpp
Date: Mon, 14 Jul 2025 11:19:40 GMT

Now:

$ DMR_ORIGINS=http://localhost:5555 MODEL_RUNNER_PORT=8080 make run
$ curl -X POST  -i 'http://localhost:8080/engines/v1/chat/completions' \
  -H 'Origin: http://localhost:5551' \
  --data-raw '{"model":"ai/smollm2","messages":[{"role":"user","content":"hello"}]}'
HTTP/1.1 200 OK
Content-Length: 774
Content-Type: application/json; charset=utf-8
Server: dd-llama.cpp
Date: Mon, 14 Jul 2025 11:17:10 GMT
$ curl -X POST  -i 'http://localhost:8080/engines/v1/chat/completions' \
  -H 'Origin: http://localhost:5555' \
  --data-raw '{"model":"ai/smollm2","messages":[{"role":"user","content":"hello"}]}'
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:5555
Content-Length: 585
Content-Type: application/json; charset=utf-8
Server: dd-llama.cpp
Date: Mon, 14 Jul 2025 11:17:15 GMT

@doringeman doringeman requested review from a team and ilopezluna July 14, 2025 11:22
ilopezluna
ilopezluna approved these changes Jul 14, 2025
View reviewed changes
Copy link
Contributor

@ilopezluna ilopezluna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing it 🙏

@doringeman doringeman merged commit 566ec6f into docker:main Jul 14, 2025
1 check passed
doringeman added a commit to doringeman/model-runner that referenced this pull request Sep 23, 2025
@doringeman
distribution client: return structured response for untagged and dele…
34bc600 
…ted models (docker#107)

Signed-off-by: Dorin Geman <[email protected]>
doringeman added a commit to doringeman/model-runner that referenced this pull request Sep 24, 2025
@doringeman
distribution client: return structured response for untagged and dele…
8b45390 
…ted models (docker#107)

Signed-off-by: Dorin Geman <[email protected]>
doringeman pushed a commit to doringeman/model-runner that referenced this pull request Oct 2, 2025
@xenoscopic
Merge pull request docker#107 from docker/container-start-cleanup-rebase
7f3479b 
Clean up standalone container startup using Moby idioms
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xenoscopic xenoscopic xenoscopic approved these changes

@ilopezluna ilopezluna ilopezluna approved these changes

+1 more reviewer

@p1-0tr p1-0tr p1-0tr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@doringeman @xenoscopic @ilopezluna @p1-0tr