Description
Feature or enhancement
Proposal:
Add a --cors command line option to the http.server stdlib module, which when specified will add this CORS header to all responses:
Access-Control-Allow-Origin: *
This is useful during local web development, which is a common use case for http.server. If a user is developing JavaScript on one local web server, and making JavaScript requests against static assets served by a separately running python -m http.server, those requests will fail due to the browser's default cross-origin request policy. With the rise in popularity of tools like pyodide and pyscript, whose implementations are subject to the same JavaScript cross-origin request logic, I expect similar use cases to this to become more common. It would be useful for http.server to support an open cross-origin response header via the command line like so:
python -m http.server --cors
This allows the user to serve static assets locally that can be requested by JavaScript anywhere the server is visible. The new headers are opt-in only; no default behavior is changed without the flag.
Has this already been discussed elsewhere?
I have already discussed this feature proposal on Discourse
Links to previous discussion of this feature:
I started a thread about this feature on python-ideas:
https://discuss.python.org/t/any-interest-in-adding-a-cors-option-to-python-m-http-server/92120/10
The thread has a mixed response. Some are for it, some against, and some are in favor of a more generalized approach. I discussed the feature with some developers in person at PyCon 2025, the result being that there is possibly enough interest to add this feature.
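The opt-in behaviour proposed above can be sketched with the existing stdlib classes. This is an added example, not code from the issue or from CPython; the `CORSRequestHandler` class, its `cors` parameter and the `fetch_cors_header` helper are hypothetical names, and binding to 127.0.0.1 is an assumption made here so the wildcard-origin server is reachable only from the local machine.

```python
import functools
import http.client
import threading
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer


class CORSRequestHandler(SimpleHTTPRequestHandler):
    """Hypothetical handler: sends the proposed header only when cors=True."""

    def __init__(self, *args, cors=False, **kwargs):
        # Must be set before super().__init__(), which handles the request at once.
        self.cors = cors
        super().__init__(*args, **kwargs)

    def end_headers(self):
        if self.cors:
            # The header named in the proposal: any origin may read the response.
            self.send_header("Access-Control-Allow-Origin", "*")
        super().end_headers()

    def log_message(self, format, *args):
        pass  # keep the demonstration quiet


def fetch_cors_header(cors, directory="."):
    """Serve `directory` on loopback, request "/" once, return the CORS header or None."""
    handler = functools.partial(CORSRequestHandler, cors=cors, directory=directory)
    # Port 0 asks the OS for a free port; loopback keeps the server off the network.
    with ThreadingHTTPServer(("127.0.0.1", 0), handler) as httpd:
        threading.Thread(target=httpd.serve_forever, daemon=True).start()
        try:
            conn = http.client.HTTPConnection("127.0.0.1", httpd.server_address[1], timeout=5)
            conn.request("GET", "/")
            resp = conn.getresponse()
            resp.read()
            conn.close()
            return resp.getheader("Access-Control-Allow-Origin")
        finally:
            httpd.shutdown()


if __name__ == "__main__":
    print("with cors=True: ", fetch_cors_header(cors=True))
    print("with cors=False:", fetch_cors_header(cors=False))
```

The header only relaxes the browser's same-origin read restriction; it does not change who can connect to the server, which is decided by the bind address.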