{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 淡お忘 的问题《Django Python rest framework, No 'Access-Contr》','https://www.manongdao.com/q-1182022.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have researched and read quite a few Stackoverflow posts on the same issue. None have resolved my issue.
My problem is that I am getting the "...No 'Access-Control-Allow-Origin' header is present on the requested resource..." error in my console.
I am using:
Chrome Version 57.0.2987.133 Firefox Version 52.0.2
Python 2.7 Django 1.11a1
AngularJS
I am using MAMP to serve my front-end Angular stuff, and the django server for the backend stuff.
In my django settings I have included the cors middleware and tried both the whitelist approach and just setting all to true:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_ALLOW_ALL = True
On google chrome I still get this error:
localhost/:1 XMLHttpRequest cannot load {my endpoint url}. Redirect from {my endpoint url} to {my endpoint url with a } has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin {requesting url} is therefore not allowed access.
It works appropriately on Firefox, and I can't figure out why it won't work for google chrome. I haven't tried any other types of browsers. Any help will be very appreciated, thank you.
the reason that is chrome browse; you can install CORS Toggle app in chrome or deploy your web code to nginx or apache then using chrome.
You can install django-cors-headers app and in the settings.py you should put
'corsheaders'in the INSTALLED_APPS andin the starting of the MIDDLEWARE of the settings
The README of the Github link explains the details
Check your request url first.I had this problem when use vue-resource .And then find i missing '/' at the end or url.
Old question, but I'm not seeing this solution, which worked for me, anywhere. So hoping this can be helpful for someone.
Cross-origin requests in this context are only possible if the partner site's server allows it through their response headers.
I got this to work in Django without any CORS middleware by setting the following headers on the response:
Most answers on StackOverflow seem to mention the first one, but not the second two. I've just confirmed they are all required. You'll want to modify as needed for your framework or request method (GET, POST, OPTION).
p.s. You can try
"*"instead of"requesting_site.com"for initial development just to get it working, but it would be a security hole to allow every site access. Once working, you can restrict it for your requesting site only to make sure you don't have any formatting typos.Install the cors-headers package with
Adds to your installed apps
Add on your MIDDLEWARE remember to add as being the first in the list
Before installed apps put this configuration for anyone to access
Or create a list of hits
Perhaps you need to take a look at how you are calling your middlewares. If they are not in the correct sequence they might throw this error. It seems like your
'django.middleware.security.SecurityMiddleware'needs to be pushed below the'corsheaders.middleware.CorsMiddleware'. Also, it looks like you might have to addCORS_ALLOW_CREDENTIALS = Truein your code as well.Hope this helps.