stackoom
  简体   繁体   中英

Django Localhost CORS not working

 原文  2016-01-10 03:13:29    14    python/ django/ cors/ django-cors-headers

Question

I have a local Django setup as follows

Django Rest Framework : localhost:8000

AngularJS frontend : local apache running on http://localservername

I've installed django-cors-headers and in my settings.py , I've setup my

CORS_ORIGIN_WHITELIST = (
    'http://localhost',
    'localservername',
    'http://localservername',
    '127.0.0.1'
)


MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

However, I get a No 'Access-Control-Allow-Origin' header is present on the requested resource. error whenever I hit any API that's served from the Rest Framework . If I set CORS_ORIGIN_ALLOW_ALL = True , then the API's work correctly but that's highly insecure for my server side data.

What do I have to change to fix this?

14 answers

solution1
 23 ACCPTED  2019-12-24 01:32:00

Here in this error the hint is clearly mentioning that it needs https://

HINT: Add a scheme (e.g. https://) or netloc (e.g. example.com).

Moreover, it is also true that braces matters in django settings.

CORS_ORIGIN_WHITELIST = [
    'https://localhost:3000'
]

And the above settings work fine.

While the same settings with different brackets won't work

CORS_ORIGIN_WHITELIST = (
    'https://localhost:3000'
)

solution2
 8  2020-07-05 18:01:27

For me i used [] instead of (). Also don't add a '/' at the end url.

Something like this

CORS_ORIGIN_WHITELIST = [
    'http://localhost:3000'
]

solution3
 4  2017-05-30 12:19:51

I had the same problem. By browsing the django-cors-headers -code found my mistake was the following:

While a complete CORS-header looks like this (notice schema AND hostname):

Access-Control-Allow-Origin: https://example.com

The CORS_ORIGIN_WHITELIST setting wants it in a format that compares to urlparse.netloc (docs ) of the Origin -header, which is only the host (possibly the port) 

def origin_found_in_white_lists(self, origin, url):
    return (
        url.netloc in conf.CORS_ORIGIN_WHITELIST or
        (origin == 'null' and origin in conf.CORS_ORIGIN_WHITELIST) or
        self.regex_domain_match(origin)
    )

While the RegEx-whitelist compares it against the complete Origin -header.

So the correct setting (as the example in the setup-manual correctly states, but not properly describes) would be:

CORS_ORIGIN_WHITELIST = (
    'example.com',
)

Which can be a problem if you do not want your API to talk to the non-secure http-version of a website. Use the RegEx in that case.

Also note: during troubleshooting I found out that the CORS-header is completely absent if no match is found. Which means that absence of the header is not a sure indication of a complete malfunction of the middleware, but maybe just a misconfiguration.

solution4
 3  2016-01-10 03:30:37

As per http://www.w3.org/Security/wiki/Same_Origin_Policy , the requests should be from same port, scheme, and host to be considered as same origin. Here one of your server is in port 80 and the other one is on 8080.

An origin is defined by the scheme, host, and port of a URL. Generally speaking, documents retrieved from distinct origins are isolated from each other. For example, if a document retrieved from http://example.com/doc.html tries to access the DOM of a document retrieved from https://example.com/target.html , the user agent will disallow access because the origin of the first document, (http, example.com, 80), does not match the origin of the second document (https, example.com, 443).

solution5
 2  2019-12-09 07:26:30

This works for me, Please check with this, it may help you to resolve your issue.

CORS_ORIGIN_WHITELIST = (
    'http://localhost',
)

solution6
 1  2019-10-26 17:31:20

Braces matter for me,use [] instead of (), I have verified in Django, others I haven't checked.

Write Like This:

CORS_ORIGIN_WHITELIST=[ ' https://localhost:3000 ' ]

solution7
 1  2019-12-06 23:42:17

CORS_ORIGIN_WHITELIST=[ ' https://localhost:3000 ' ] 它工作正常。

solution8
 1  2020-03-07 12:23:44

像 CORS_ORIGIN_WHITELIST = [ ' https://localhost:3000 ' ] 这样的写作对我来说效果很好。

solution9
 1  2020-03-11 19:40:32

Copy the whitelist code from the django-cors-headers documentation , and then just modify it:

CORS_ORIGIN_WHITELIST = [
    "https://example.com",
    "https://sub.example.com",
    "http://localhost:8080",
    "http://127.0.0.1:9000"
]

That will guarantee you that you didn't make any typos.

solution10
 1  2020-11-23 23:08:48

Make sure that not to add path / , like following:

CORS_ORIGIN_WHITELIST = (
    'https://localhost:3000/'
)

Just add the following code instead.

CORS_ORIGIN_WHITELIST = [
    'https://localhost:3000'
]

solution11
 0  2019-10-16 04:29:54

maybe braces matter

[] instead of () 

CORS_ORIGIN_WHITELIST = [

    'http://localhost',

    'localservername',

    'http://localservername',

    '127.0.0.1'

]

should work

solution12
 0  2022-02-15 10:36:53

I think the best way to do solve this error is :-

  1. Type the URL in the browser, for eg :- If you are running an angular app, then do,

    ng serve

    and type the URL given by "ng serve" command into the browser. for eg :- localhost:4200

  2. then, Copy the URL from the browser and paste as it is in the cors allowed host. eg :-

    CORS_ALLOWED_ORIGINS = [ 'http://localhost:4200', ]

Note :- Don't forget to Remove the last "/" sign from the URL, so instead of, http://localhost:4200/ add this :- http://localhost:4200

And after this, you'll see no error.

solution13
 0  2022-06-12 19:47:56

I fixed this by fixing the order in:

INSTALLED_APPS = [
...
'corsheaders',
'image_cropping',
'easy_thumbnails',
...
'rest_framework',
...
]






MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',

... ]

solution14
 0  2022-07-16 11:29:57

install Django cors package

django-cors-headers

go to settings.py and add it to installed apps

INSTALLED_APPS = [
    .....
    'corsheaders',
 ]

add it to the middleware

MIDDLEWARE = [
   ........
  'corsheaders.middleware.CorsMiddleware',
  'django.middleware.common.CommonMiddleware',


]

Most important step

add this right below the middleware without a slash at the end

CORS_ORIGIN_WHITELIST = ['http://localhost:3000']

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Django CORS - localhost with any port CORS headers not working on Django project Django-cors-headers not working React Django CORS not working : has been blocked by CORS policy ¿Why my CORS config in django is not working? django-cors-headers not working at all CORS not working in Django but settings seem correct Django CORS Headers not Working as Suggested in Docs django bootstrap 4 navbar toggler button not working on localhost Django/Celery multiple queues on localhost - routing not working
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM