发表新帖
发表新帖

django-cors-headers not work

后端 未结
关注
13 1405
情深已故
情深已故 2020-12-29 04:10

django-cors-headers not work

INSTALLED_APPS = (
    \'django.contrib.admin\',
    \'django.contrib.auth\',
    \'django.contrib.contenttypes\',
    \'django.
相关标签:
13条回答
  • 失恋的感觉
    2020-12-29 04:24

    This worked for me: 

    python -m pip install django-cors-headers

    MIDDLEWARE = [  
    ...
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
]

INSTALLED_APPS = [
    ...
    'corsheaders',
    ...
]

`ALLOWED_HOSTS = ['*']`

`CORS_ORIGIN_ALLOW_ALL = True`

    Make sure to include: corsheaders.middleware.CorsMiddleware, as high as possible

    For reference: https://pypi.org/project/django-cors-headers/, https://docs.djangoproject.com/en/3.0/ref/settings/

    0 讨论(0)
  • 佛祖请我去吃肉
    2020-12-29 04:26

    Do not forget to add

    'corsheaders.middleware.CorsMiddleware',

    at top of MIDDLEWARE variable :

    See docs :

    CorsMiddleware should be placed as high as possible, especially before any middleware that can generate responses such as Django's CommonMiddleware or Whitenoise's WhiteNoiseMiddleware. If it is not before, it will not be able to add the CORS headers to these responses.

    0 讨论(0)
  • 温柔的废话
    2020-12-29 04:27

    I guess corsheaders and clickjacking middlewares are not compatible. At least I got rid off X-Frame-Options header when I commented out django.middleware.clickjacking.XFrameOptionsMiddleware.

    I've just CORS_ORIGIN_ALLOW_ALL = True setting.

    0 讨论(0)
  • 自闭症患者
    2020-12-29 04:28

    If you are testing this you need to ensure you include at least the Origin header in the request.

    E.g.:

    $ http GET http://127.0.0.1:8000/todos/ Origin:http://www.someorigin.com
HTTP/1.0 200 OK
Access-Control-Allow-Origin: *
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Date: Sat, 14 Nov 2015 04:42:38 GMT
Server: WSGIServer/0.1 Python/2.7.10
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN

    You will get more feedback with a preflight CORS request:

    $ http OPTIONS http://127.0.0.1:8000/todos/ Origin:http://www.someorigin.com
HTTP/1.0 200 OK
Access-Control-Allow-Headers: x-requested-with, content-type, accept, origin, authorization, x-csrftoken, user-agent, accept-encoding
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Date: Sat, 14 Nov 2015 04:45:37 GMT
Server: WSGIServer/0.1 Python/2.7.10
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN
    0 讨论(0)
  • 眼角桃花
    2020-12-29 04:30

    According to the process_response code from CorsMiddleware:

    response[ACCESS_CONTROL_ALLOW_ORIGIN] = "*" if (
            settings.CORS_ORIGIN_ALLOW_ALL and
            not settings.CORS_ALLOW_CREDENTIALS) else origin

    You must set settings like this:

    # CORS Config
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = False
    0 讨论(0)
  • 一整个雨季
    2020-12-29 04:40

    From Django 2 MIDDLEWARE_CLASSES is changed to MIDDLEWARE. In this case if you have Django 2 make sure the MIDDLWARE is as it should be such that MIDDLEWARES get executed.

    0 讨论(0)
 看不清?
提交回复
热议问题