Comments (6)
itekhi
commented on August 19, 2024
SAME!!
Edit: I read the code of CorsMiddleware and for some reason it checks for Origin header, and if there's no Origin header, it just returns the view. I checked, and my browser didn't provide it. I guess it is a CORS spec? ;)
from django-cors-headers.
jeffthomasweb
commented on August 19, 2024
Hi, one of the official Docker examples for Django adds local host to the environment file as seen here https://github.com/docker/awesome-compose/blob/master/django/app/example/settings.py#L37. I don’t use Docker but this may be worth a try.
from django-cors-headers.
outwrq
commented on August 19, 2024
@itekhi - Is there something you have implemented to resolve this for a specific origin?
from django-cors-headers.
itekhi
commented on August 19, 2024
@outwrq Hello, I did not. I guess Origin header is only sent by the browser when making cross-origin requests. So I didn't want to put a security hole in my app, so I just switched to Token-based authentication :)
from django-cors-headers.
jeffthomasweb
commented on August 19, 2024
Looking into this further, your developer tools screenshot displays that you're running a JavaScript file that is making a fetch request to another site. If you look in the Dev Tools console you'll see a more detailed error. If you see an error like:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [the site fetch() is attempting to access] (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
you need to add the specific site to CORS_ALLOWED_ORIGINS in the Django settings file. More info can be found here https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin.
from django-cors-headers.
adamchainz
commented on August 19, 2024
Please read the resources: https://github.com/adamchainz/django-cors-headers#about-cors .
from django-cors-headers.
Related Issues (20)
- Support for Access-Control-Allow-Private-Network: true HOT 2
- Fail to filter origin if present HOT 3
- 'Access-Control-Allow-Origin' response header returning wildcard '*' even though CORS_ALLOW_ALL_ORIGINS = False and CORS_ALLOW_CREDENTIALS = True HOT 3
- On Django 4.1, HOT 1
- i stll see this erorr Access to font at 'https://fra1.digitaloceanspaces.com/ewan-space/ewan/static/admin/fonts/Roboto-Regular-webfont.woff' from origin 'http://127.0.0.1:9000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. HOT 1
- Allow to have a list of patterns for `CORS_URLS_REGEX` HOT 1
- Listing Origin, DNT, or Accept-Encoding as allowed request headers is never necessary HOT 1
- No "Access-Control-Allow-Origin" in response despite all being set properly HOT 19
- Access-Control-Allow-Credentials absent from response headers HOT 1
- Django CORS issue with VUE HOT 1
- Request is lacking Cookie, csrftoken, sessionid after hitting the back. HOT 2
- How to set Access-Control-Allow-Origin for "chrome-extension://*" HOT 1
- Access to XMLHttpRequest from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. HOT 1
- [help]Unable to set CORS headers after configuring the library HOT 6
- origin not in headers HOT 2
- Incompatible with Daphne under ASGI HOT 5
- check_request_enabled.send() should not be called from an async context HOT 2
- no "Access-Control-Allow-Origin" when open site from google HOT 4
- No "Access-Control-Allow-Origin" on fresh django project HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-cors-headers.