stackoom
  简体   繁体   中英

CORS during development without Access-Control-Allow-Origin

 原文  2016-11-23 09:43:30       django/ cors

Question

The server answer with a Access-Control-Allow-Origin value set for the production. Is there a way to be permissive when the requests come from my development server ? Is there a Django setting to disable the cross-origin check when DEBUG=True for example ?

I can't modify the Access-Control-Allow-Origin . The request is made with jquery ajax function.

EDIT:

I've installed https://github.com/ottoyiu/django-cors-headers with pip install django-cors-headers , added the following in my settings.py 

if DEBUG:
    INSTALLED_APPS += ('corsheaders', )

CORS_ORIGIN_ALLOW_ALL = DEBUG

And put the middleware : 

MIDDLEWARE_CLASSES = [
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
...
}

But I still get the error :

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at _request_url_. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

If I inspect the response header, I don't see any Access-Control-Allow-Origin parameter.

2 answers

solution1
 7  2016-11-23 09:55:22

Install middleware: https://github.com/ottoyiu/django-cors-headers

In django settings.py add following setting:

DEBUG=True

CORS_ORIGIN_ALLOW_ALL = DEBUG

(if DEBUG is true Access-Control-Allow-Origin will be added to headers in response)

solution2
 1  2016-11-23 09:54:13

To add CORS headers to your response, install this to your django project:

https://github.com/ottoyiu/django-cors-headers

Since you want to connect from local, you cannot whitelist a particular host alone.

To enable CORS only when you have DEBUG=True , you can add corsheaders to your installed apps only when Debug is True: 

if DEBUG is True:
     INSTALLED_APPS += ('corsheaders', )

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question CORS django 'Access-Control-Allow-Origin' Django CORS Access-Control-Allow-Origin missing React and Django CORS header ‘Access-Control-Allow-Origin’ missing Django CORS issue: access-control-allow-origin is not allowed Access to XMLHttpRequest at .' from origin . has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present (Jquery, Ajax, Django, Cors, GET) No 'Access-Control-Allow-Origin' header - Cors Whitelist Ignored missing token ‘access-control-allow-origin’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel phant : No 'Access-Control-Allow-Origin' Access-Control-Allow-Origin error with XMLHttpRequest Access-Control-Allow-Origin while accessing
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM