Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Django Angular cors error: access-control-allow-origin not allowed

Tags:

angular

django

django-rest-framework

django-rest-auth

I have implemented auth in my django app using django-rest-auth. My settings in settings.py:

ALLOWED_HOSTS = []

# Application definition

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'rest_framework.authtoken',
    'rest_auth',
    'django.contrib.sites',
    'allauth',
    'allauth.account',
    'rest_auth.registration',
    'corsheaders',
    'rest_framework_docs',
    'tasks'
]

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

ROOT_URLCONF = 'urls'
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
ALLOWED_HOSTS = ['*']

SITE_ID = 1

I am logged in from my frontend- I receieved a token with I have stored in my local storage. Now I making a simple GET request like following:

  getTasks(): Observable<Task[]> {

    let headers = new Headers({ 'Access-Control-Allow-Origin': '*' });
    let options = new RequestOptions({ headers: headers, withCredentials: true  });

    return this.http.get(this.taskUrl, options)
    .map(this.extractData)
    .catch(this.handleError);
  }

But it gives me : Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response. although I am including withCredentials.

What am I doing wrong?

P.S: If I remove options from POST then there is no error but I get incorrect data because my backend returns data for a specific user.

like image 509
Thinker Avatar asked Jul 22 '17 15:07

Thinker

1 Answers

Remove this line,

let headers = new Headers({ 'Access-Control-Allow-Origin': '*' });

from your getTasks() function. You don't need to specify those options to the server. django-cors-headers takes care of that.

like image 172
zaidfazil Avatar answered Nov 11 '22 15:11

zaidfazil
Sign in to Comment

Related questions

Syncing VirtualEnvs in multiple computer
DRF Custom permission
DRF - is it possible to combine multiple filter parameters in the URL with some kind of OR logical symbol
How to use one to many models in Django rest framework
how to filter nested related django objects
How to display Model data in a Django Template
django jsonfield querying on a value which is an array
What is the command to force all migrations in Django?
Filtering Django REST framework using IN operator
Postgresql in memory database django
Encrypt django model field using python 3.5
What exactly happens on the computer when multiple requests came to the webserver serving django or pyramid application?
mod_wsgi unable to connect WSGI daemon process
Maximum of an annotation after a group by
How to run django and wordpress on NGINX server using same domain?
How to log Python warnings in a Django log file?
Django Rest Framework - Updating a model using model.ModelViewSet
How do I write tests for the functionality of Django admin pages?
Django primarykey serializer "This field may not be null" while allow_null=True
Filtering Django ModelViewSet List From Url Parameter

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!