Django CORS Headers 没有按照文档中的建议工作
Django CORS Headers not Working as Suggested in Docs
Django Cors 的 DOCS Headers,https://pypi.org/project/django-cors-headers/,
明确指出 CORS_ALLOWED_ORIGINS:
Previously this setting
was called CORS_ORIGIN_WHITELIST, which still works as an alias, with
the new name taking precedence.
从代码来看,如果我使用 CORS_ORIGIN_WHITELIST,我的请求会通过,但如果我使用 CORS_ALLOWED_ORIGINS,同时注释掉 CORS_ORIGIN_WHITELIST,我的请求将被阻止。在我的选项请求中,我没有得到任何响应,随后的 POST 请求被阻止。
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
#APPS
....
#ADDL FRAMEWORKS
'corsheaders',
'rest_framework',
'oauth2_provider',
'django_extensions',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_WHITELIST = [
'http://127.0.0.1:3000',
'http://localhost:3000'
]
# CORS_ALLOWED_ORIGINS = [
# 'http://127.0.0.1:3000',
# 'http://localhost:3000',
# ]
CORS_ALLOW_METHODS = [
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
]
CORS_ALLOW_HEADERS = [
'accept',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
]
这是一个 VERSION 错误。 CORS_ORIGIN_WHITELIST 在版本 3.5.0 中更改为 CORS_ALLOWED_ORIGIN,而我似乎 运行 是旧版本。
Django Cors 的 DOCS Headers,https://pypi.org/project/django-cors-headers/,
明确指出 CORS_ALLOWED_ORIGINS:
Previously this setting was called
CORS_ORIGIN_WHITELIST, which still works as an alias, with the new name taking precedence.
从代码来看,如果我使用 CORS_ORIGIN_WHITELIST,我的请求会通过,但如果我使用 CORS_ALLOWED_ORIGINS,同时注释掉 CORS_ORIGIN_WHITELIST,我的请求将被阻止。在我的选项请求中,我没有得到任何响应,随后的 POST 请求被阻止。
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
#APPS
....
#ADDL FRAMEWORKS
'corsheaders',
'rest_framework',
'oauth2_provider',
'django_extensions',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_WHITELIST = [
'http://127.0.0.1:3000',
'http://localhost:3000'
]
# CORS_ALLOWED_ORIGINS = [
# 'http://127.0.0.1:3000',
# 'http://localhost:3000',
# ]
CORS_ALLOW_METHODS = [
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
]
CORS_ALLOW_HEADERS = [
'accept',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
]
这是一个 VERSION 错误。 CORS_ORIGIN_WHITELIST 在版本 3.5.0 中更改为 CORS_ALLOWED_ORIGIN,而我似乎 运行 是旧版本。