405 Method Not Allowed when hitting HA API (on a raspberry pi)

i’m trying to GET via the Rest API in a web application i’m building. i’m getting a 405 method not allowed in response to the preflight OPTIONS request to the api.

HA Rest API is running on a raspberry pi at that pi is also serving my web application at

as per the docs i’ve tried setting a cors_allowed_origins entry in configuration.yaml:


i still get a 405 not allowed because HA is not setting the ‘Access-Control-Allow-Origin’ header.

strangely, if i run HA on my own macbook (not the pi) and hit the api in the same way, with the cors_allowed_origins config entry, it is successful and injects that header.

has anyone experienced this? why isn’t the config entry adding the required headers to responses from the api?

does anyone know where aiohttp logs are stored in the home assistant installation? the standard HA logging doesn’t show any api requests at all, even at log info level.

1 Like

I’m having a similar issue with webhooks from my Synology NAS.

Regardless of whether Surveillance Station on the NAS is being used or not, to my understanding, entering into a browser address bar should deliver a ‘success’ message, as it used to, rather than a ‘405: Method Not Allowed’ message.

This worked fine prior to the previous HA update.

Unfortunately, I do not yet have the skills to work out why this has changed in HA.

Any pointers as to where to look would be appreciated.

1 Like

Does CORS need to be set in the HA HTTP config section at all?

Looking at the HTTP docs here:

there is a section on CORS:

(string | list)(Optional)
A list of origin domain names to allow CORS requests from. Enabling this will set the Access-Control-Allow-Origin header to the Origin header if it is found in the list, and the Access-Control-Allow-Headers header to Origin, Accept, X-Requested-With, Content-type, Authorization . You must provide the exact Origin, i.e. https://www.home-assistant.io will allow requests from https://www.home-assistant.io but not http://www.home-assistant.io .