Aby*_*han 19 python django django-cors-headers
django-cors-headers不起作用
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.gis',
'corsheaders',
'rest_framework',
'world',
'userManager',
'markPost',
'BasicServices',
)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
一切都很正常,但没有奏效
这里我的回复标题
Cache-Control: max-age=0
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Jan 2015 13:16:17 GMT
Expires: Tue, 20 Jan 2015 13:16:17 GMT
Last-Modified: Tue, 20 Jan 2015 13:16:17 GMT
Server: WSGIServer/0.1 Python/2.7.8
Set-Cookie: csrftoken=snXksqpljbCLW0eZ0EElFxKbiUkYIvK0; expires=Tue, 19-Jan-2016 13:16:17 GMT; Max-Age=31449600; Path=/
Vary: Cookie
X-Frame-Options: SAMEORIGIN
小智 17
我遇到了同样的问题,一切似乎都在正确的地方。然后我发现我在添加'corsheaders.middleware.CorsMiddleware',到MIDDLEWARE_CLASSES. 修正后,还是不行。尝试了一堆东西后,我在另一个浏览器中打开它,它工作正常。所以结果我只需要清除浏览器缓存。
Gre*_*Gus 15
不要忘记添加
'corsheaders.middleware.CorsMiddleware',
在 MIDDLEWARE 变量的顶部:
请参阅文档:
CorsMiddleware 应该放在尽可能高的位置,尤其是在任何可以生成响应的中间件之前,例如 Django 的 CommonMiddleware 或 Whitenoise 的 WhiteNoiseMiddleware。如果之前没有,它将无法将 CORS 标头添加到这些响应中。
dan*_*ius 14
根据CorsMiddleware的process_response代码:
response[ACCESS_CONTROL_ALLOW_ORIGIN] = "*" if (
settings.CORS_ORIGIN_ALLOW_ALL and
not settings.CORS_ALLOW_CREDENTIALS) else origin
您必须设置如下设置:
# CORS Config
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = False
尽管遵循了所有步骤django-cors-headers,Django 2但不知何故对我不起作用。飞行前检查将重新运行 405 错误。
我最终写了一个小的中间件:
from django import http
class CorsMiddleware(object):
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
if (request.method == "OPTIONS" and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in request.META):
response = http.HttpResponse()
response["Content-Length"] = "0"
response["Access-Control-Max-Age"] = 86400
response["Access-Control-Allow-Origin"] = "*"
response["Access-Control-Allow-Methods"] = "DELETE, GET, OPTIONS, PATCH, POST, PUT"
response["Access-Control-Allow-Headers"] = "accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with"
return response
然后在我的中添加了这个中间件settings.py:
MIDDLEWARE = [
'apps.core.middleware.CorsMiddleware',
... others below it
]
这对我有用。
小智 8
我花了几个小时并尝试了很多解决方案来解决这个问题。我认为我们需要遵循这里提到的步骤
又一步:我添加后终于可以工作了:
CORS_ALLOW_HEADERS = ['*']
后:
ALLOWED_HOSTS=['*']
CORS_ORIGIN_ALLOW_ALL = True
我认为它允许所有标头,包括授权。
我猜 corsheaders 和点击劫持中间件不兼容。至少当我注释掉时,我摆脱了 X-Frame-Options 标题 django.middleware.clickjacking.XFrameOptionsMiddleware。
我刚CORS_ORIGIN_ALLOW_ALL = True设置。
如果要对此进行测试,则需要确保在请求中至少包含Origin头。
例如:
$ http GET http://127.0.0.1:8000/todos/ Origin:http://www.someorigin.com
HTTP/1.0 200 OK
Access-Control-Allow-Origin: *
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Date: Sat, 14 Nov 2015 04:42:38 GMT
Server: WSGIServer/0.1 Python/2.7.10
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN
通过预检CORS请求,您将获得更多反馈:
$ http OPTIONS http://127.0.0.1:8000/todos/ Origin:http://www.someorigin.com
HTTP/1.0 200 OK
Access-Control-Allow-Headers: x-requested-with, content-type, accept, origin, authorization, x-csrftoken, user-agent, accept-encoding
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Date: Sat, 14 Nov 2015 04:45:37 GMT
Server: WSGIServer/0.1 Python/2.7.10
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN
| 归档时间: |
|
| 查看次数: |
24276 次 |
| 最近记录: |