stackoom
  简体   繁体   中英

django-cors-headers dont work with DRF(Django Rest Framework)

 原文  2018-08-01 18:15:28       python/ django/ django-rest-framework/ python-3.6/ django-cors-headers

Question

I'm trying to add django-cors-headers to my django rest API to add the HTTP header Access-Control-Allow-Origin in the response object, but I have not managed to make it work. I have followed the instructions in the official documentation but I can not get it to work.

Here is the content of my settings.py file:

... INSTALLED_APPS = [ 'suit', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'corsheaders', 'hvad', 'rest_framework.authtoken', 'rest_framework_swagger', 'accounts.apps.AccountsConfig', 'rest_auth', ] ... MIDDLEWARE:[ 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', ... ] ... # CORS Config CORS_ORIGIN_ALLOW_ALL = True CORS_ALLOW_CREDENTIALS = False

I'm using:

  • Django 1.11.14
  • django-cors-headers 2.4.0
  • djangorestframework 3.8.2
  • python 3.6.5
  • pip 10.0.1
  • Windows 10

3 answers

solution1
 1  2018-08-02 18:23:01

If you are Using Chrome, Use https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?hl=en

================================================================================ 

CORS_URLS_REGEX = r'^/*$'

CORS_ALLOW_METHODS

A list of HTTP verbs that are allowed for the actual request. Defaults to:

CORS_ALLOW_METHODS = (
    'DELETE',
    'GET',
    'OPTIONS',
    'PATCH',
    'POST',
    'PUT',
)

CORS_ALLOW_HEADERS = (
    'accept',
    'accept-encoding',
    'authorization',
    'content-type',
    'dnt',
    'origin',
    'user-agent',
    'x-csrftoken',
    'x-requested-with',
)

solution2
 0  2019-03-10 19:26:43

django-cors-headers is reasonably fool-proof and your configuration seems correct to me.

There is however a gotcha I've had issues with too:
If you configure your server to serve static files without invoking Django / Python (pretty common, even on the built-in server), django-cors-headers cannot apply a CORS header to those responses.
Depending on the browser, this will cause problems with asynchronous requests, fonts and sometimes even images, video and audio.

More info on CORS

solution3
 0 ACCPTED  2021-12-20 21:55:22

Finally, It works only when I create a new middleware file, here's the content of my middleware.

1- Put this file under <your_app>/middleware/cors.py

2- Edit your setting.py to add the new middleware 

# -*- coding:utf-8 -*-

from django.http import HttpResponse
from django.utils.deprecation import MiddlewareMixin


class CorsMiddleware(MiddlewareMixin):
    def process_response(self, request, response):
        response["Acces-Control-Allow-Origin"] = "*"
        return response

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question django-cors-headers not work Django-cors-headers not working django-cors-headers not working at all django.urls, django rest and django-cors-headers - trouble with imports Django ALLOWED_HOSTS vs CORS(django-cors-headers) django-cors-headers does not allow a request from an allowed origin django-cors-headers CORS_ORIGIN_WHITELIST tuple vs string issue How to dynamically populate CORS_ORIGIN_WHITELIST from the database with django-cors-headers? 'Access-Control-Allow-Origin' header contains multiple values '*, *', while using django-cors-headers django-cors-headers not working: No 'Access-Control-Allow-Origin' header is present on the requested resource
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM