我有一个前端,它向django后端发送请求。
这是我的django后端www.example中的一些内容 www.example.com
INSTALLED_APPS = [
"corsheaders",
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
'api',
'django_extensions',
'rest_framework',
'rest_framework.authtoken',
]
MIDDLEWARE = [
"corsheaders.middleware.CorsMiddleware",
"django.middleware.security.SecurityMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
]
CORS_ALLOWED_ORIGINS = [
"http://localhost:3000",
]
当从运行在http://localhost:3000上的前端发送请求时,django会出现以下错误:
Forbidden (Origin checking failed - http://localhost:3000 does not match any trusted origins.): /get_user
我也试着在www.example中添加以下内容 www.example.com 中的com:
CSRF_TRUSTED_ORIGINS = [
"http://localhost:3000",
]
这反而会导致以下错误:
Forbidden (CSRF cookie not set.): /get_user
如果我已经将URL添加到CORS_ALLOWED_ORIGINS,为什么会出现此错误?
2条答案
按热度按时间14ifxucb1#
你是不是想让一切都只是为了测试?
9lowa7mx2#
添加允许的来源以及白名单来源。有关详细信息,您可以阅读这篇geeksforgeeks文章。
网址:https://www.geeksforgeeks.org/how-to-enable-cors-headers-in-your-django-project/