Home > database >  I have CORS whitelisted in Django and the Cross Origin Request is still blocked
I have CORS whitelisted in Django and the Cross Origin Request is still blocked

Time:04-03

I have a Vue front-end and a Django back-end and I have CORS enabled in settings.py, but I still get these errors:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8000/api/register. (Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8000/api/register. (Reason: CORS request did not succeed). Status code: (null).

This is at the bottom of my settings.py file:

CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = (
    'http://localhost:8080',
    'http://localhost:8000',
)

CodePudding user response:

You have whitelisted your endpoint, but with CORS, there are a couple of things that you also need to properly set it up.

  • Access-Control-Allow-Origin
  • Access-Control-Allow-Headers
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Credentials

You've done whitelisted your origin, but headers, methods, and credentials might not be configured yet on your Django project. Headers and Methods are having defaulted values as django-cors-headers documentation. So the last one is Credentials, you might want to check if your project requires authentication or not. If so then CORS_ALLOW_CREDENTIALS (default is False) is the one you might want to have a look at, set it to true if your project needs it.

  • Related