Ollama CORS and Port Binding

If you want to use Ollama’s local OpenAI-compatible API through a browser-based tool (like Catalyst), you need to allow CORS.

Updated July 2026 — this post now covers the new Ollama desktop app settings, Docker, browser extensions, and current commands for all platforms.

By default, Ollama only accepts cross-origin requests from 127.0.0.1 and 0.0.0.0. Any other web origin — a hosted web app, a browser extension, another machine on your network — needs to be allowed explicitly with the OLLAMA_ORIGINS environment variable.

Check whether CORS is enabled

curl -X OPTIONS http://localhost:11434 -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -I

Here we are checking if origin example.com is allowed

If you get this output

HTTP/1.1 403 Forbidden
Date: Wed, 09 Oct 2024 10:12:15 GMT
Content-Length: 0

It means CORS is not enabled for that origin.

Enable CORS

On macOS

If you use the Ollama desktop app, set the environment variable with launchctl:

launchctl setenv OLLAMA_ORIGINS "*"

or only the origins you would like, for example

launchctl setenv OLLAMA_ORIGINS "https://example.com,https://catalyst.voov.ai"

Then quit and restart the Ollama app from the menu bar.

If you run the server from the terminal instead, you can pass the variable inline:

OLLAMA_ORIGINS="*" ollama serve

Binding

Ollama listens on port 11434 only on localhost. The newer desktop app has a built-in toggle for this: Settings → Expose Ollama to the network. That is the easiest way.

To do the same thing manually:

launchctl setenv OLLAMA_HOST "0.0.0.0"

You need to restart Ollama after doing this.

On Windows

Quit Ollama from the system tray first. Then open Settings (Windows 11) or Control Panel (Windows 10), search for environment variables, and click Edit environment variables for your account.

Add the variables OLLAMA_HOST and OLLAMA_ORIGINS depending on your requirements, then start Ollama again from the Start menu.

Ollama Windows

The Windows desktop app also has the Expose Ollama to the network toggle in its settings for network binding.

For a one-off session in PowerShell:

$env:OLLAMA_ORIGINS="*"; ollama serve

On Linux

Edit the ollama.service using the following command

sudo systemctl edit ollama.service

Add the following environment variables

[Service]
Environment="OLLAMA_HOST=0.0.0.0"
Environment="OLLAMA_ORIGINS=*"

Then reload and restart the ollama service

sudo systemctl daemon-reload
sudo systemctl restart ollama

Docker

Pass the variables with -e when starting the container:

docker run -d \
  -e OLLAMA_ORIGINS="*" \
  -v ollama:/root/.ollama \
  -p 11434:11434 \
  --name ollama ollama/ollama

The container already listens on all interfaces internally, so -p 11434:11434 handles the binding — OLLAMA_ORIGINS is the only variable you need for browser access.

Browser Extensions

Browser extensions have their own origin schemes, so a wildcard on regular domains won’t cover them. To allow extensions to call Ollama:

OLLAMA_ORIGINS="chrome-extension://*,moz-extension://*,safari-web-extension://*"

Set this using the platform-specific method above (launchctl, environment variables, or systemd).

Testing

Your output should be like below if everything is setup right for Origins

(base)   ~ curl -X OPTIONS http://localhost:11434 -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -I
HTTP/1.1 204 No Content
Access-Control-Allow-Headers: Authorization,Content-Type,User-Agent,Accept,X-Requested-With,X-Stainless-Lang,X-Stainless-Package-Version,X-Stainless-Os,X-Stainless-Arch,X-Stainless-Runtime,X-Stainless-Runtime-Version,X-Stainless-Async
Access-Control-Allow-Methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 43200
Date: Wed, 09 Oct 2024 10:13:26 GMT

To make sure the network binding is correct, check what the port is bound to.

On Linux:

$ ss -tlnp | grep 11434
LISTEN 0  4096  *:11434  *:*

On macOS:

$ lsof -nP -iTCP:11434 -sTCP:LISTEN
COMMAND   PID  USER   FD   TYPE  DEVICE  SIZE/OFF  NODE  NAME
ollama    712  gavi    3u  IPv6  0x1234        0t0   TCP  *:11434 (LISTEN)

*:11434 means the port is bound to all IPs on the machine.

A Note on Security

Two things worth knowing before you copy-paste the wildcard everywhere:

Using Your Local Models from the Browser

The reason I needed CORS in the first place: Catalyst, a browser-based AI platform I built. Once CORS is enabled, Catalyst connects straight to your local Ollama at http://localhost:11434 — your prompts and completions never leave your machine, while you still get a full-featured chat UI.

Importing Ollama models into Catalyst

You can import all your local Ollama models with one click and use them alongside cloud providers like OpenAI, Claude, and Gemini — including running the same prompt against multiple models side by side to see which one does the job best:

Multi-model comparison in Catalyst

It also does Python code execution, image generation, web search, a shared prompt library, and visual workflows. Read more on the Catalyst product page or try it at catalyst.voov.ai.

By: Gavi Narra on: (updated: )