如何让从前端服务器到django后端的请求不被CORS阻止

pbossiut  于 2023-05-01  发布在  Go
关注(0)|答案(2)|浏览(145)

我有一个前端,它向django后端发送请求。
这是我的django后端www.example中的一些内容 www.example.com

INSTALLED_APPS = [
    "corsheaders",
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    'api',
    'django_extensions',
    'rest_framework',
    'rest_framework.authtoken',
]

MIDDLEWARE = [
    "corsheaders.middleware.CorsMiddleware",
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
]

CORS_ALLOWED_ORIGINS = [
    "http://localhost:3000",
]

当从运行在http://localhost:3000上的前端发送请求时,django会出现以下错误:

Forbidden (Origin checking failed - http://localhost:3000 does not match any trusted origins.): /get_user

我也试着在www.example中添加以下内容 www.example.com 中的com:

CSRF_TRUSTED_ORIGINS = [
    "http://localhost:3000",
]

这反而会导致以下错误:

Forbidden (CSRF cookie not set.): /get_user

如果我已经将URL添加到CORS_ALLOWED_ORIGINS,为什么会出现此错误?

14ifxucb

14ifxucb1#

你是不是想让一切都只是为了测试?

CORS_ALLOW_ALL_ORIGINS = True
9lowa7mx

9lowa7mx2#

添加允许的来源以及白名单来源。有关详细信息,您可以阅读这篇geeksforgeeks文章。
网址:https://www.geeksforgeeks.org/how-to-enable-cors-headers-in-your-django-project/

相关问题