django-cors-headers not work

python django django-cors-headers
Aby-Chan picture Aby-Chan · Jan 20, 2015 · Viewed 43.9k times · Source

django-cors-headers not work

INSTALLED_APPS = (
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.gis',
    'corsheaders',
    'rest_framework',
    'world',
    'userManager',
    'markPost',
    'BasicServices',
)


MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True

Everything is normal, but did not work

here my response headers

Cache-Control: max-age=0
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Jan 2015 13:16:17 GMT
Expires: Tue, 20 Jan 2015 13:16:17 GMT
Last-Modified: Tue, 20 Jan 2015 13:16:17 GMT
Server: WSGIServer/0.1 Python/2.7.8
Set-Cookie: csrftoken=snXksqpljbCLW0eZ0EElFxKbiUkYIvK0; expires=Tue, 19-Jan-2016 13:16:17 GMT; Max-Age=31449600; Path=/
Vary: Cookie
X-Frame-Options: SAMEORIGIN

Answer

danius picture danius · Mar 3, 2015

According to the process_response code from CorsMiddleware:

response[ACCESS_CONTROL_ALLOW_ORIGIN] = "*" if (
            settings.CORS_ORIGIN_ALLOW_ALL and
            not settings.CORS_ALLOW_CREDENTIALS) else origin

You must set settings like this:

# CORS Config
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = False

Related questions

import error django corsheaders

i am a beginner in django. i am doing project based on it. project has two stages. i completed first phase and uploaded the code to amazon ec2 instance. after completing second phase i added some packages like python-social-auth, django-cors-headers, …

Read More
Django Python rest framework, No 'Access-Control-Allow-Origin' header is present on the requested resource in chrome, works in firefox

I have researched and read quite a few Stackoverflow posts on the same issue. None have resolved my issue. My problem is that I am getting the "...No 'Access-Control-Allow-Origin' header is present on the requested resource..." error in my console. …

Read More
Django Localhost CORS not working

I have a local Django setup as follows Django Rest Framework:localhost:8000 AngularJS frontend:local apache running on http://localservername I've installed django-cors-headers and in my settings.py, I've setup my CORS_ORIGIN_WHITELIST = ( 'http://localhost', 'localservername', 'http://localservername', '127.0.0.1…

Read More