我有一個本地的Django設置如下Django的本地主機CORS不工作
Django Rest Framework
:localhost:8000
AngularJS frontend
:local apache running on http://localservername
我已經安裝django-cors-headers
和我settings.py
,我設置我的
CORS_ORIGIN_WHITELIST = (
'http://localhost',
'localservername',
'http://localservername',
'127.0.0.1'
)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
但是,我得到No 'Access-Control-Allow-Origin' header is present on the requested resource.
錯誤,只要我點擊從Rest Framework
提供的任何API。如果我設置了CORS_ORIGIN_ALLOW_ALL = True
,那麼API的工作正常,但對我的服務器端數據來說這是非常不安全的。
我必須改變以解決這個問題?
您是否在'django.middleware.common之前添加了'corsheaders.middleware.CorsMiddleware'。你的'INSTALLED_APPS'中的CommonMiddleware'和'corsheaders'? –
@DaniilRyzhkov,是的,我有,我會添加到我的問題 – Newtt
@HamletHakobyan,沒關係,因爲我的請求是從'localservername'到'localhost:8000' – Newtt