I'm trying to see if CORS is working on my Django application.
I call my own API from a JS static file in my project.
After implementing CORS to not allow any requests to my API, I still am able to call the API successfully from my script. Shouldn't CORS reject my call since I'm not on the "ALLOWED_ORIGINS"?
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOWED_ORIGINS = []
MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ....
]
INSTALLED_APPS = [
    ...
    'corsheaders',
]
CodePudding user response:
CORS headers are used to signal web browsers which calls are allowed.
I wouldn't expect a CORS library to do any back-end verification.
So if you are testing your API entry points outside a browser, using a script, your CORS configuration should only be reflected in the headers sent.
CORS documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
corsheaders.middleware.CorsMiddleware documentation: https://pypi.org/project/django-cors-headers/
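An added example (not part of the original answer, and not django-cors-headers' own code): a stdlib-only model of header-based CORS, showing that the server answers 200 in every case and that only a browser page on a different origin is denied the response. The view, the URLs and all function names are assumptions made for illustration.

```python
# Simplified model of header-based CORS; all names and URLs here are constructed.
from urllib.parse import urlsplit

ALLOWED_ORIGINS = []  # mirrors CORS_ALLOWED_ORIGINS = [] from the question


def api_view(environ):
    """Hypothetical API endpoint: it always answers and never inspects Origin."""
    return "200 OK", [("Content-Type", "application/json")], b'{"ok": true}'


def cors_middleware(view, allowed_origins):
    """Add Access-Control-Allow-Origin for allowed origins; never block a request."""
    def wrapped(environ):
        status, headers, body = view(environ)
        origin = environ.get("HTTP_ORIGIN")
        if origin and origin in allowed_origins:
            headers = headers + [("Access-Control-Allow-Origin", origin)]
        return status, headers, body
    return wrapped


def origin_of(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def browser_exposes_response(page_url, api_url, response_headers):
    """Browser-side check for a simple, non-credentialed fetch."""
    page_origin = origin_of(page_url)
    if page_origin == origin_of(api_url):
        return True  # same origin: CORS is not consulted at all
    allow = dict(response_headers).get("Access-Control-Allow-Origin")
    return allow in ("*", page_origin)


def simulate(page_url, api_url, in_browser=True):
    """Return (server status, whether the calling code can read the response)."""
    app = cors_middleware(api_view, ALLOWED_ORIGINS)
    environ = {"HTTP_ORIGIN": origin_of(page_url)} if in_browser else {}
    status, headers, _ = app(environ)
    if not in_browser:  # curl or a script: nothing enforces the headers
        return status, True
    return status, browser_exposes_response(page_url, api_url, headers)
```

With an empty allow-list, a page served from the API's own origin still reads the response, which matches what the question describes. Rejecting requests on the server requires authentication or permission checks in the view, since the headers alone do not do it.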
CodePudding user response:
As it seems your code is working fine, it should reject your HTTP request. Just try making the same request in Chrome (incognito). If it worked (rejected your call), then just clear your browser cache.