Description
Describe the bug
When I use the Anthropic API I get this error:

```
{"type":"error","error":{"type":"authentication_error","message":"CORS requests must set 'anthropic-dangerous-direct-browser-access' header"}}
```
Desktop (please complete the following information):
- OS: Windows
- Browser: Edge
I looked into Anthropic's documentation to see what it was about and found this:
The `anthropic-dangerous-direct-browser-access` header is automatically added when using the `dangerouslyAllowBrowser` option in the TypeScript SDK (1). Here's how to enable it:

```typescript
import Anthropic from '@anthropic-ai/sdk';

const client = new Anthropic({
  apiKey: null,
  dangerouslyAllowBrowser: true
});
```
Note that enabling browser support is considered dangerous because it could expose your secret API credentials in client-side code (2). Web browsers are inherently less secure than server environments, as any user with access to the browser can potentially inspect, extract, and misuse these credentials.
Some scenarios where enabling browser support might be acceptable include:
- Internal tools used within a controlled environment with trusted users
- Development or debugging purposes with temporary/frequently rotated credentials
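
Outside the scenarios listed above, the credential exposure described in the quoted documentation is normally avoided by sending browser traffic through a small server-side relay that holds the key. The sketch below is an added example, not code from this issue or from the project; `buildUpstreamRequest`, `relayHandler`, the `/api/chat` route, the size and token limits, and the `cfg.apiKey` / `cfg.model` fields are assumptions made for illustration.

```javascript
// Added example: the API key lives only in server config, never in the page.
const UPSTREAM = "https://api.anthropic.com/v1/messages";
const MAX_TOKENS_CAP = 1024;       // assumption: ceiling chosen for this sketch
const MAX_BODY_BYTES = 64 * 1024;  // assumption: request size limit

// Build the upstream request from untrusted browser JSON. Only role/content
// and a capped max_tokens are taken from the client; key and model come from cfg.
function buildUpstreamRequest(clientBody, cfg) {
  if (!cfg.apiKey) throw new Error("server has no API key configured");
  const msgs = clientBody && clientBody.messages;
  if (!Array.isArray(msgs) || msgs.length === 0) throw new Error("messages must be a non-empty array");
  const messages = msgs.map((m) => {
    const roleOk = m && (m.role === "user" || m.role === "assistant");
    if (!roleOk || typeof m.content !== "string") throw new Error("invalid message");
    return { role: m.role, content: m.content }; // extra client fields are dropped
  });
  const asked = Number.isInteger(clientBody.max_tokens) ? clientBody.max_tokens : MAX_TOKENS_CAP;
  return {
    url: UPSTREAM,
    method: "POST",
    headers: { "content-type": "application/json", "x-api-key": cfg.apiKey, "anthropic-version": "2023-06-01" },
    body: JSON.stringify({ model: cfg.model, max_tokens: Math.min(Math.max(asked, 1), MAX_TOKENS_CAP), messages }),
  };
}

// Node handler, used as: http.createServer((req, res) => relayHandler(req, res, cfg))
async function relayHandler(req, res, cfg) {
  if (req.method !== "POST" || req.url !== "/api/chat") return res.writeHead(404).end();
  let upstream;
  try {
    const chunks = [];
    let size = 0;
    for await (const chunk of req) {
      size += chunk.length;
      if (size > MAX_BODY_BYTES) throw new Error("body too large");
      chunks.push(chunk);
    }
    upstream = buildUpstreamRequest(JSON.parse(Buffer.concat(chunks).toString("utf8")), cfg);
  } catch (err) {
    return res.writeHead(400, { "content-type": "application/json" }).end(JSON.stringify({ error: err.message }));
  }
  try {
    const { url, ...init } = upstream;
    const r = await fetch(url, init); // server-to-server call: no CORS, no browser-access header
    res.writeHead(r.status, { "content-type": "application/json" }).end(await r.text());
  } catch {
    res.writeHead(502).end(); // upstream unreachable; nothing key-related is returned
  }
}
```

The relay still needs its own user authentication and rate limiting, which are outside this sketch; without them it simply moves the abuse from the key to the relay endpoint.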