Django,google 应用引擎,桶号 'Access-Control-Allow-Origin'

Django, google app engine, bucket No 'Access-Control-Allow-Origin'

你好,我有一个我无法解决的问题。现在我有一个简单的 Django 项目,我即将完成。几天前,我将我的静态文件和媒体文件上传到 google 云 sql-bucket。通常媒体文件一切正常,但当我上传静态文件时,事情开始发生。这里有一些错误信息(30+):

Access to script at 'https://storage.googleapis.com/blablabla/debug_toolbar/js/toolbar.js' from origin 'http://127.0.0.1:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
GET https://storage.googleapis.com/blablabla/debug_toolbar/js/toolbar.js net::ERR_FAILED
Access to font at 'https://storage.googleapis.com/blablabla/Fonts/jost/Jost-500-Medium.woff2' from origin 'http://127.0.0.1:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

通常情况下,django 不接受我的静态文件,因为它们在其他地方,但我加载了 django-cors-headers(我不知道它是全名。)并且 django 接受大部分 css 文档。这是我的settings.py(我粘贴的时候剪掉了一些部分):

ALLOWED_HOSTS = ['*']
INSTALLED_APPS = [
    'honeypot',
    'ckeditor',
    'ckeditor_uploader',
    'modeltranslation',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'corsheaders',
    'Product.apps.ProductConfig',
    'captcha',
    'admin_honeypot',
]
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'corsheaders.middleware.CorsPostCsrfMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ALLOW_CREDENTIALS = True
CORS_ALLOWED_ORIGINS = (
    'http://127.0.0.1:8000',
    'http://localhost:8000',
    'https://storage.googleapis.com',
    'https://googleapis.com',
)
CSRF_TRUSTED_ORIGINS = [
    'http://127.0.0.1:8000',
    'http://localhost:8000',
    'https://storage.googleapis.com',
    'https://googleapis.com',
]

但我的问题从这里开始。例如我有 4 css 并且例如在我的第一个 css(theme.css) 中有这样的行:

@font-face {
  font-family: "Jost";
  font-weight: 600;
  src: url(https://storage.googleapis.com/blablabla/Fonts/jost/Jost-600-Semi.woff2) format("woff2"), url(https://storage.googleapis.com/blablabla/Fonts/jost/Jost-600-Semi.woff) format("woff"), url(https://storage.googleapis.com/blablabla/Fonts/jost/Jost-600-Semi.ttf) format("truetype"); }

或调试工具栏文档中的 toolbar.js

import { $$, ajax } from "./utils.js";

我所有的 css 和字体文件都在同一个 google 存储桶中。我的网站接受 css 文档但不接受我粘贴的内部引用。而且我不知道错误在哪里。我到处搜索,但找不到任何解决方案。我希望有一个人可以帮助我。而且我认为这个错误不是因为 django,可能是因为 google

好像是配置CORS的问题。我认为在 Google Documentation.

中对此有很好的解释

在快捷方式中,您需要使用 gcloud、REST API 或您提供的编程语言库(文档中的示例)配置 bucket cors。如果您设置 origin

,GCS 将添加 Access-Control-Allow-Origin header

origin header 的功能描述得很好 here:

If the origin in a browser's request matches an origin in your CORS configuration, Cloud Storage returns Access-Control-Allow-Origin to the browser. If there is no match, Cloud Storage does not include Access-Control-Allow-Origin in the response. You can supply a wildcard value that grants access to all origins: <Origin>*</Origin>.