I am newbie to django and using it as back end for an application that creates users. In front end the code for posting the user name is :
var xobj = new XMLHttpRequest();
xobj.overrideMimeType("application/json");
xobj.open('POST', "http://www.local:8000/create_user/", true);
xobj.setRequestHeader("Access-Control-Allow-Origin", "*");
xobj.onreadystatechange = function () {
if (xobj.readyState == 4 && xobj.status == "200") {
console.log(xobj.responseText);
}
}
xobj.send(json);
On back end the function associated with url handles json but i am getting the error "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.local:54521' is therefore not allowed access". What is the solution for this problem? Also I have followed the steps from "https://gist.github.com/strogonoff/1369619", but problem persists.
Your front and back end are on different ports which means your ajax requests are subject to cross origin security.
You need to set up the back end to accept requests from different origins (or just different port numbers).
Try reading up on CORS and more specifically looking at django cors headers
Here's what I did when I got the same error from Django Rest Framework while sending an API request from Restangular. What this does is add CORS (Cross-Origin Resource Sharing) headers to responses from Django Rest Framework. Not having CORS headers was the cause of the error.
In the Django Project root folder (where the manage.py file is located), do:
pip install django-cors-headers
I tried it using virtualenv but was not able to get it to work, so I installed it without switching to virtualenv and got it installed.
After installing it, you have to make some edits to your django settings.py
INSTALLED_APPS = (
...
'corsheaders',
...
)
MIDDLEWARE_CLASSES = (
...
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
...
)
CORS_ORIGIN_ALLOW_ALL = True
Setting above to true allows all origins to be accepted.
References: https://github.com/ottoyiu/django-cors-headers
In my case, I had simply forgotten to add a trailing slash at the end of the REST API URL. ie, I had this:
http://127.0.0.1:8000/rest-auth/login
Instead of this:
http://127.0.0.1:8000/rest-auth/login/
If django-cors-headers
not resolved the problem try manual add Access-Control-Allow-Origin
like this:
@api_view(['GET'])
def swanger(request):
resutl = {'a': 1}
resp = JsonResponse(resutl)
resp['Access-Control-Allow-Origin'] = '*'
return resp
in my case it was localhost:8000 while 127.0.0.1 was expected... changing localhost to 127.0.0.1 in my browser did the trick
Add following line in middleware classes
'corsheaders.middleware.CorsPostCsrfMiddleware'
so overall implementation would be:
INSTALLED_APPS = (
...
'corsheaders',
...
)
MIDDLEWARE_CLASSES = (
...
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'corsheaders.middleware.CorsPostCsrfMiddleware'
...
)
CORS_ORIGIN_ALLOW_ALL = True
check documentaion below for more info
I faced the same issue.
user3785412's answer will work. but, first time it may not work directly because of browser cache. either try in another browser or clear cache before loosing hope.
I had API server in Django 2 hosted on Heroku and Angular 7 Client on Firebase. I made all changes in settings.py as per user3785412 and still it would not work, wasted almost 3 hours. Then came across on post which suggested cache could be issue. opened in chrome and voila!
Hope this helps! (My first answer here, please go easy)
来源:https://stackoverflow.com/questions/22476273/no-access-control-allow-origin-header-is-present-on-the-requested-resource-i