Menu
I cannot solve CORS problem in my Django API. When I make a call to this API, I get error:
Access to fetch at 'http://localhost:8000/' from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
To enable CORS, I did pip install django-cors-headers and added the following code to settings.py:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'corsheaders',
]
MIDDLEWARE_CLASSES = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_WHITELIST = [
'localhost:80',
'localhost:8000',
'127.0.0.1:8000'
]
I should say that I run my project on Docker. This is docker-compose.yml:
version: '2'
services:
django-docker:
build:
context: .
dockerfile: Dockerfile.django
container_name: my.django
image: my-django
ports:
- 8000:8000
webapp-docker:
build:
context: .
dockerfile: Dockerfile.webapp
container_name: my.webapp
image: my-web
ports:
- 80:80
861
Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.
Solving CORS error the right way For example, if you want to solve this on the express. js then all you have to do is use a certain middleware that will handle the origin key. But, for any non-standard HTTP request like PUT, PATCH, DELETE, you'll have to preflight them.
To get rid of a CORS error, you can download a browser extension like CORS Unblock ↗. The extension appends Access-Control-Allow-Origin: * to every HTTP response when it is enabled. It can also add custom Access-Control-Allow-Origin and Access-Control-Allow-Methods headers to the responses.
You need to add corsheaders.middleware.CorsMiddleware middleware to the middleware classes in settings.py :
MIDDLEWARE_CLASSES = (
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.BrokenLinkEmailsMiddleware',
'django.middleware.common.CommonMiddleware',
#...
)
You have duplicate django.middleware.common.CommonMiddleware in your middleware classes.
You can then, either enable CORS for all domains by adding the following setting:
CORS_ORIGIN_ALLOW_ALL = True
Or Only enable CORS for specified domains:
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = (
'http://localhost:8000',
)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
