django-cors-headers 不工作:请求的资源上不存在“Access-Control-Allow-Origin”header
[英]django-cors-headers not working: No 'Access-Control-Allow-Origin' header is present on the requested resource
问题描述
Full error:
完整错误:
Access to XMLHttpRequest at 'https://[redacted]/api/get_match_urls/' from origin 'https://trello.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I am making an API call from an extension while at trello.com我在 trello.com 时通过分机拨打 API
I have corsheaders in my INSTALLED_APPS .我的INSTALLED_APPS中有corsheaders 。 I have 'corsheaders.middleware.CorsMiddleware' in my middleware as high up as possible.我的中间件中有尽可能高'corsheaders.middleware.CorsMiddleware' 。 And I have CORS_ORIGIN_ALLOW_ALL set to True .我将CORS_ORIGIN_ALLOW_ALL设置为True 。 Yes I've tried the alternate alias CORS_ALLOW_ALL_ORIGINS and it still didn't work.是的,我已经尝试了备用别名CORS_ALLOW_ALL_ORIGINS ,但它仍然没有用。 Anyone have any ideas?谁有想法?
MIDDLEWARE = [
'debug_toolbar.middleware.DebugToolbarMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
2 个解决方案
解决方案1
2 2022-11-16 06:50:50
Could not make it work after trying everything mentioned here.在尝试了此处提到的所有内容后无法使其正常工作。 In fact, everything mentioned in the django-cors-headers documentation was already there in my settings.py.事实上,django-cors-headers 文档中提到的所有内容都已经存在于我的 settings.py 中。
After a lot of digging in, I found out the culprit was the "MIDDLEWARE" definition itself in settings.py.经过大量挖掘,我发现罪魁祸首是 settings.py 中的“MIDDLEWARE”定义本身。 According to my version of django (which is 1.7) it needs to be "MIDDLEWARE_CLASSES" and not "MIDDLEWARE".根据我的 django 版本(1.7),它需要是“MIDDLEWARE_CLASSES”而不是“MIDDLEWARE”。 You can find this out when you look at the django documentation for middlewares which can be found here https://docs.djangoproject.com/en/1.8/topics/http/middleware/ (don't forget to choose your version of django from right bottom corner).当您查看中间件的 django 文档时,您会发现这一点,可以在此处找到https://docs.djangoproject.com/en/1.8/topics/http/middleware/ (不要忘记选择您的 django 版本从右下角)。 When this change was done, my preflights started returning the needed response headers.完成此更改后,我的预检开始返回所需的响应标头。
Still scratching my head thinking how simple was the solution (when found out) for an issue which took hours away from me:(仍然抓耳挠腮思考解决方案(当发现时)是多么简单,这个问题花了我几个小时的时间:(
解决方案2
1 已采纳 2021-06-17 17:33:33
I had a look at the corsheaders.middleware.CorsMiddleware and it seems if you set CORS_ALLOW_ALL_ORIGINS and not CORS_ALLOW_CREDENTIALS it will return Access-Control-Allow-Origin: * , but if you also set CORS_ALLOW_CREDENTIALS then it will return the origin from the request headers.我查看了corsheaders.middleware.CorsMiddleware ,似乎如果您设置CORS_ALLOW_ALL_ORIGINS而不是CORS_ALLOW_CREDENTIALS它将返回Access-Control-Allow-Origin: * ,但如果您还设置CORS_ALLOW_CREDENTIALS那么它将从请求标头返回来源.
here is the part of the code that does that这是执行此操作的代码部分
origin = request.META.get("HTTP_ORIGIN")
# omiting the lines in between
if conf.CORS_ALLOW_ALL_ORIGINS and not conf.CORS_ALLOW_CREDENTIALS:
response[ACCESS_CONTROL_ALLOW_ORIGIN] = "*"
else:
response[ACCESS_CONTROL_ALLOW_ORIGIN] = origin
another idea would be also to use CORS_ALLOWED_ORIGIN_REGEXES eg另一个想法也是使用CORS_ALLOWED_ORIGIN_REGEXES例如
CORS_ALLOWED_ORIGIN_REGEXES = [
r".*",
]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.