Menu
The server answer with a Access-Control-Allow-Origin value set for the production. Is there a way to be permissive when the requests come from my development server ? Is there a Django setting to disable the cross-origin check when DEBUG=True for example ?
I can't modify the Access-Control-Allow-Origin. The request is made with jquery ajax function.
EDIT:
I've installed https://github.com/ottoyiu/django-cors-headers with pip install django-cors-headers, added the following in my settings.py
if DEBUG:
INSTALLED_APPS += ('corsheaders', )
CORS_ORIGIN_ALLOW_ALL = DEBUG
And put the middleware :
MIDDLEWARE_CLASSES = [
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
...
}
But I still get the error :
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at _request_url_. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
If I inspect the response header, I don't see any Access-Control-Allow-Origin parameter.
415
To allow any site to make CORS requests without using the * wildcard (for example, to enable credentials), your server must read the value of the request's Origin header and use that value to set Access-Control-Allow-Origin , and must also set a Vary: Origin header to indicate that some headers are being set ...
This error occurs when a script on your website/web app attempts to make a request to a resource that isn't configured to accept requests coming from code that doesn't come from the same (sub)domain, thus violating the Same-Origin policy.
The easiest and most reliable way to CORS in Safari is to disable CORS in the develop menu. Enable the develop menu by going to Preferences > Advanced. Then select “Disable Cross-Origin Restrictions” from the develop menu.
This happens if you haven't set up CORS configuration correctly. you can fix this on you'r local machine using a plugin/extension called Allow-Control-Allow-Origin and add you'r localhost into it. The other way is to manually fix the configuration in server side.
Install middleware: https://github.com/ottoyiu/django-cors-headers
In django settings.py add following setting:
DEBUG=True
CORS_ORIGIN_ALLOW_ALL = DEBUG
(if DEBUG is true Access-Control-Allow-Origin will be added to headers in response)
141
To add CORS headers to your response, install this to your django project:
https://github.com/ottoyiu/django-cors-headers
Since you want to connect from local, you cannot whitelist a particular host alone.
To enable CORS only when you have DEBUG=True, you can add corsheaders to your installed apps only when Debug is True:
if DEBUG is True:
INSTALLED_APPS += ('corsheaders', )
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
