好吧,起初我忘记了中间件类,但是在添加它之后效果很好(一周前)。
现在,我回到工作站,再次发现它无法正常工作。ACCESS_CONTROL_ALLOW_ORIGIN标头根本没有设置。
我已经尝试过所有方法,将中间件放在CommonMiddleware之前,但这是行不通的。
这是我的setting.py文件:
DEBUG = True
ALLOWED_HOSTS = ['*']
# Application definition
INSTALLED_APPS = [
'account',
'corsheaders',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'social_django',
]
# if DEBUG:
# INSTALLED_APPS += 'corsheaders',
# MIDDLEWARE = ['corsheaders.middleware.CorsMiddleware', ]
# else:
# MIDDLEWARE = []
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_ALLOW_ALL = DEBUG
这是我得到的答复:
Date: Sun, 14 Jan 2018 09:35:09 GMT
Server: WSGIServer/0.1 Python/2.7.14+
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 146
最佳答案
# Cors headers
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
)
CORS_ALLOW_HEADERS = (
'accept',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
)