Jas*_*ser 5 python django rest cors django-cors-headers
因此,我将django-cors-headers与带有Django 1.11.x的Rest Framework一起使用,并且我已经大致遵循了一般建议,但是,我仍然x has been blocked by CORS policy: No 'Access-Control-Allow-Origin'在请求的资源上使用header。”可以看到,我已经在INSTALLED_APPS和'corsheaders.middleware.CorsMiddleware'上添加了“ corsheaders” Middleware,并且我也将其设置CORS_ORIGIN_ALLOW_ALL为true和CORS_ALLOW_CREDENTIALStrue。甚至包括白名单选项,尽管据我了解,如果CORS_ORIGIN_ALLOW_ALL将其设置为true,白名单是不需要的,我也有pip3 install django-cors-headers什么关系???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????就必道之·,我已经阅读了django-cors-headers仓库中的自述文件,我想知道为什么它不起作用。
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'corsheaders',
'books.apps.BooksConfig',
]
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
CSRF_TRUSTED_ORIGINS = (
'localhost:5555'
)
从本地主机:5555访问的我的js文件是:
var request = $.ajax({
type: 'GET',
url: url,
dataType: 'json',
xhrFields: {
withCredentials: true
}});