堆栈内存溢出
  繁体   English   中英

Axios 被 Django REST 框架的 CORS 策略阻止

[英]Axios blocked by CORS policy with Django REST Framework

 原文  2019-03-26 21:53:27       javascript/ reactjs/ django-rest-framework/ axios/ django-cors-headers

问题描述

我正在尝试使用 Axios 向我的 API(Django REST 框架)发出请求,但出现以下错误:

Access to XMLHttpRequest at 'http://trvl.hopto.org:8000/api/airports/MSP/routes' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

当你使用 cUrl 来检查时,甚至很难:

curl -I -X GET   -H "Origin: http://localhost:3000"   -H 'Access-Control-Request-Method: GET'   http://trvl.hopto.org:8000/api/airports/MSP/routes 2>&1 | grep 'Access-Control-Allow-Origin'
Response: Access-Control-Allow-Origin: *

Full response from cUrl Options:
OPTIONS request: curl -I -X OPTIONS   -H "Origin: http://localhost:3000"   -H 'Access-Control-Request-Method: GET'   http://trvl.hopto.org:8000/api/airports/MSP/routes
HTTP/1.1 200 OK
Date: Wed, 27 Mar 2019 10:58:01 GMT
Server: WSGIServer/0.2 CPython/3.6.8
Content-Type: text/html; charset=utf-8
Content-Length: 0
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400

使用 Axios 时:

let url = 'http://A.hopto.org:8000/api/airports/MSP/routes';

axios.get(url)
      .catch((err) => {
        console.error(err);
      })
      .then((response, ) => {
        console.log(response);
      });


Response:
Access to XMLHttpRequest at 'http://API.hopto.org:8000/api/airports/MSP/routes' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

问题是 API 启用了 CORS,但我无法让它在我的 WebApp 中与 Axios 和 React 一起使用。

更新:

Here is my Django settings.py I'm using the https://github.com/ottoyiu/django-cors-headers module.

**settings.py**

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

ALLOWED_HOSTS = ['*']

# Application definition

INSTALLED_APPS = [
    'corsheaders',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'trvl',
    'rest_framework',
    'coreapi',
    'django_filters',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    #'corsheaders.middleware.CorsPostCsrfMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware'
]

CORS_ORIGIN_ALLOW_ALL = True

3 个解决方案

解决方案1
 5  2020-06-01 15:39:49

这是因为您忘记了网址末尾的“/”。

let url = 'http://A.hopto.org:8000/api/airports/MSP/routes/';

解决方案2
 0  2019-03-27 00:00:42

在您的后端代码中,您需要添加http://localhost:3000作为字段Access-Control-Allow-Origin的响应标头的一部分

还要确保您的响应具有此字段Access-Control-Allow-Methods include GET

您提到您的后端 API 代码启用了 CORS。 如果上述方法不起作用,您可以更新您的帖子以包括您的设置方式吗?

解决方案3
 0  2020-08-08 18:27:51

我需要将http://前缀添加到我的localhost:8000 url

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 被 CORS 政策阻止:响应 js 应用程序问题。 阿克西奥斯 XMLHttpRequest 被 CORS 策略阻止 访问被 CORS 策略阻止 CSRF和CORS与Django(REST框架) 访问被 CORS 策略阻止的脚本 “被 CORS 政策阻止”,但存在标题 cors 策略阻止的本地 xml 被 CORS 策略和 nginx docker 阻止 React 和 Axios:Axios 无法访问 Java/SpringBoot REST 后端服务,因为 Z5A8FEFF0B4B604BDE3EEC9D924 策略 如何在 django rest 框架中使用 CORS?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM