Django-cors-headers not working

问题

My django version is 1.8.6. I've copy the corsheaders folder into the project folder. i've pip install django-cors-headers(ver 1.1.0). This is my setting.py:

    INSTALLED_APPS = (
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'MyWebsite_app',
    'storages',
    'rest_framework',
    'corsheaders',
)

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.security.SecurityMiddleware',
)

CORS_ORIGIN_ALLOW_ALL = True

This is my jquery:

function getLeague() {
$.ajax({
    url: 'http://otherdomain.ashx?username=xxx&password=xxx&sportsBook=xxx&sportsType=xxx&gameType=xxx',
    type: 'GET',
    dataType: 'json',
    success: function(data) {
        alert('Success');
    },
    error: function(data) {
        alert('Fail');
    }
    });
}

It keeps alerting "Fail" when executing the getLeague(). And when i see the console it shows "XMLHttpRequest cannot load http://otherdomain.ashx?username=xxx&password=xxx&sportsBook=xxx&sportsType=xxx&gameType=xxx. No Access-Control-Allow-Origin header is present on the requested source". Should i add some code in the urls.py or in the view.py? Thank you.

回答1:

Better to create a proxy at your application which in turn will call the other domain and will return you the data:

function getLeague() {
  $.ajax({
    url: '/crossdomainData',
    type: 'GET',
    dataType: 'json',
    success: function(data) {
        alert('Success');
    },
    error: function(data) {
        alert('Fail');
    }
    });
}

As you are using django, you can import this Django HTTP Proxy.

Introduction

Django HTTP Proxy provides simple HTTP proxy functionality for the Django web development framework. It allows you make requests to an external server by requesting them from the main server running your Django application. In addition, it allows you to record the responses to those requests and play them back at any time.

---

Another option is here taken from this post answered by @dvcrn.

import urllib2
    def crossdomainData(request):
        url = "http://otherdomain.ashx?username=xxx&password=xxx&sportsBook=xxx&sportsType=xxx&gameType=xxx"
        req = urllib2.Request(url)
        response = urllib2.urlopen(req)
        return HttpResponse(response.read(), content_type="application/json")

回答2:

Some 500 errors happen earlier than the CORS middleware, so it has no chance to add CORS headers. If the response status code was 500, this might be the issue and CORS might be working fine.

来源：https://stackoverflow.com/questions/35623792/django-cors-headers-not-working