I'm trying to make requests to my API(Django REST Framework) using Axios but I get the following error:
Access to XMLHttpRequest at 'http://trvl.hopto.org:8000/api/airports/MSP/routes' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Even tough when you use cUrl to check:
curl -I -X GET -H "Origin: http://localhost:3000" -H 'Access-Control-Request-Method: GET' http://trvl.hopto.org:8000/api/airports/MSP/routes 2>&1 | grep 'Access-Control-Allow-Origin'
Response: Access-Control-Allow-Origin: *
Full response from cUrl Options:
OPTIONS request: curl -I -X OPTIONS -H "Origin: http://localhost:3000" -H 'Access-Control-Request-Method: GET' http://trvl.hopto.org:8000/api/airports/MSP/routes
HTTP/1.1 200 OK
Date: Wed, 27 Mar 2019 10:58:01 GMT
Server: WSGIServer/0.2 CPython/3.6.8
Content-Type: text/html; charset=utf-8
Content-Length: 0
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
When using Axios:
let url = 'http://A.hopto.org:8000/api/airports/MSP/routes';
axios.get(url)
.catch((err) => {
console.error(err);
})
.then((response, ) => {
console.log(response);
});
Response:
Access to XMLHttpRequest at 'http://API.hopto.org:8000/api/airports/MSP/routes' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The problem is the API has the CORS enabled but I cannot make it work with Axios and React in my WebApp.
UPDATE:
Here is my Django settings.py I'm using the https://github.com/ottoyiu/django-cors-headers module.
**settings.py**
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
ALLOWED_HOSTS = ['*']
# Application definition
INSTALLED_APPS = [
'corsheaders',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'trvl',
'rest_framework',
'coreapi',
'django_filters',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
#'corsheaders.middleware.CorsPostCsrfMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware'
]
CORS_ORIGIN_ALLOW_ALL = True
这是因为您忘记了网址末尾的“/”。
let url = 'http://A.hopto.org:8000/api/airports/MSP/routes/';
On your back end code you need to add add http://localhost:3000
as part of the response header for the field Access-Control-Allow-Origin
Also make sure your response has this field Access-Control-Allow-Methods
include GET
You mention that your backend API code has CORS enabled. If the above doesn't work can you update your post to include how you have it set up?
我需要将http://
前缀添加到我的localhost:8000
url
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.