Enabling CORS (Cross Origin Request) in Django

javascript django cors cross-domain overpass-api
19,945

Solution 1

I was having the same problem while trying to access my Django Rest Framework API hosted at Heroku from my laptop (localhost). I am using Django 1.10.2, DRF 3.4.7 and python v3.4.

I did pip install django-cors-headers (version 1.2.2) and configured it as the docs say and then, the same error again :(

Keep searching for hours and then it hit me!

I did pip install django-cors-middleware (version 1.3.1) without uninstalling the django-cors-headers package. Also I didn't touch a thing in my settings.py file (it was configured as the django-cors-headers settings, although these two packages do not have many differences - the latter is a fork of the first).

Hit refresh (from localhost) and everything worked brilliantly!

I was now able to fetch data from myapp.herokuapp.com via jQuery's ajax method.

Solution 2

CORS_ORIGIN_ALLOW_ALL = true

should be:

CORS_ORIGIN_ALLOW_ALL = True

T capital letter for True. Add additional required middleware 

MIDDLEWARE = ['corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware', ]

and register 'corsheaders', to INSTALLED_APPS.

Solution 3

Remember to put the 'corsheaders.middleware.CorsMiddleware' in the top of your list, and also the 'django.middleware.common.CommonMiddleware' is already a standard middleware

MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
Share:
19,945
Abendsen
Author by

Abendsen

Updated on September 15, 2022

Comments

  • Abendsen
    Abendsen over 1 year

    I'm trying to make use of the overpass API http://wiki.openstreetmap.org/wiki/Overpass_API with a JavaScript XMLHttpRequest in a project running on Django but I keep getting the

     Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.google.com/accounts/ClientLogin. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

    error. I get this error whether I'm using GET or POST, and from any other host, not just the overpass API.

    I've installed django-cors-headers https://github.com/ottoyiu/django-cors-headers and followed the instructions there, putting 'corsheaders' into INSTALLED_APPS, and 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', into MIDDLEWARE_APPS and I've set 

    CORS_ORIGIN_ALLOW_ALL = true

    in settings.py but nothing seems to work. I'm running it locally with 

    python manage.py runserver

    but I'm also hosting it on openshift. Neither on of these work, they both give the error above.

    Please let me know if I am missing anything here.

  • inostia
    inostia over 4 years
    Why would this work? django-cors-header and django-cors-middleware do not depend on each other, so why would both be required? It did work for me... but I'm confused why.
  • nik_m
    nik_m over 4 years
    Actually, django-cors-middleware is a fork of django-cors-headers (they mention it in their docs). So, that's how it works!
  • SULPHURIC ACID
    SULPHURIC ACID almost 3 years
    where to add CORS_ORGIN_ALLOW_ALL = TRUE.
  • Devang Hingu
    Devang Hingu over 2 years
    @SULPHURICACID in your settings file

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

THREE.js: Cross-origin image load denied by Cross-Origin Resource Sharing policy
Uncaught Reference Error: stLight is not defined (in Chrome only)
CORS Problems: header contains multiple values, but only one is allowed
Access-Control-Request-Header: - x-requested-with
Issue with crossorigin anonymous failing to load images
AngularJS: POST Data to External REST API
Canvas tainted by cross-origin data
Understanding AJAX CORS and security considerations
Cross-domain connection in Socket.IO
Is CORS a secure way to do cross-domain AJAX requests?