CORS Access-Control-Allow-Origin despite correct headers

Question

I am trying to set up simple Cross-Origin Resource Sharing using jQuery (1.7.1) powered ajax on the client and apache served python (django) server. According to all the in

Answer 1

So I was being mislead by the response from going to the URL, and in fact the problem was that when doing the ajax request, I was getting a 403 (only revealed in firefox not chrome) error due to csrf protection.

Answer 2

I was using the excellent django-cors-headers library and ran into this problem as well. For me, the solution was to add 'accept-encoding' to the default CORS_ALLOW_HEADERS tuple.

Answer 3

You have to implement a "pre-flighted" request and response because your situation counts as a "not so simple" request. Basic CORS, that only requires the Origin header, can only have content types of "application/x-www-form-urlencoded", "multipart/form-data", and "text/plain". Since you return "application/json", you don't meet this requirement.

I don't know anything about Django, but I found it easier to implement CORS support outside of my application through the use of a Tomcat filter. It looks like you can do the same thing with Django.

2013-08-11: It looks like the GitHub repo is no longer with us. But the Django package looks to still be available at https://pypi.python.org/pypi/django-cors/0.1