I'm trying to do a Cross-Site communication between my Django app that returns json and a client running AJAX.
我正在尝试在返回json的Django应用程序和运行AJAX的客户端之间进行跨站点通信。
I'm using django-cors-headers with the following configuration:
我正在使用具有以下配置的django-cors-headers:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'myapp.apps.MyAppConfig',
'corsheaders',
]
MIDDLEWARE_CLASSES = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_ALLOW_ALL = True
For now I'm trying to allow all connections just to make tests. This is my view:
现在我试图让所有连接只是进行测试。这是我的看法:
def index(request):
if request.is_ajax:
results={}
results=["The password is valid"]
data_json=json.dumps(results)
mimetype="application/json"
return HttpResponse(data_json,mimetype)
I tried with the decorator @csrf_exempt too. And finally, this is my AJAX:
我也尝试过装饰者@csrf_exempt。最后,这是我的AJAX:
$.ajax({
url: "http://otherdomain.com/myapp/",
type: "POST",
crossDomain: true,
data :{
'username': $("#myName").val(),
},
dataType: "json",
success:function(result){
alert(JSON.stringify(result));
},
error:function(xhr,status,error){
alert(status);
}
});
The console is alerting this:
控制台警告这个:
XMLHttpRequest cannot load http://otherdomain.com/myapp/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'thisdomain.com' is therefore not allowed access.
XMLHttpRequest无法加载http://otherdomain.com/myapp/。请求的资源上不存在“Access-Control-Allow-Origin”标头。因此不允许来源'thisdomain.com'访问。
Any help will be useful. Thank you very much.
任何帮助都会有用。非常感谢你。
2 个解决方案
#1
1
From your comments I can think that you forgot to enable cors support on your web server/hosting. As you use Dreamhost, you can refer to it's documentation here.
根据您的评论,我可以认为您忘记在您的网络服务器/托管上启用cors支持。当您使用Dreamhost时,可以在此处参考它的文档。
Also as @YPCrumble said in his answer you might want to use up to date fork Django-cors-middleware when you will have working requests.
另外正如@YPCrumble在他的回答中所说,当你有工作请求时,你可能想要使用最新的Django-cors-middleware。
#2
2
Django-cors-headers is an out-of-date repo - the last commit was a year ago. You should be using Django-cors-middleware which is the live fork of that repo.
Django-cors-headers是一个过时的回购 - 最后一次提交是一年前。您应该使用Django-cors-middleware,它是该repo的实时分支。
I don't think there's anything necessarily wrong with your setup, and expect that updating the package will solve your problem. The issue is likely that you're on a new version of Django that isn't supported by the old package.
我认为您的设置没有任何问题,并且期望更新软件包可以解决您的问题。问题可能是您使用旧版本不支持的Django新版本。
EDIT:
Based on the headers in your comment, you also need to add an X-CsrfToken header to your POST request. I believe this type of cross-domain ajax request can yield the misleading CORS error, even though the issue is actually due to lack of CSRF.
根据评论中的标题,您还需要在POST请求中添加X-CsrfToken标头。我相信这种类型的跨域ajax请求可能会产生误导性的CORS错误,即使问题实际上是由于缺乏CSRF。
The above responses work for instance if you're working with a single page application working on a separate port from your app server. However, if this is a cross-origin request to a third party server, you need to make sure that they will support CORS. If they do not, you'll need to make the POST request from your server, not the client's browser.
例如,如果您正在处理与应用服务器位于不同端口上的单个页面应用程序,则上述响应会起作用。但是,如果这是对第三方服务器的跨源请求,则需要确保它们支持CORS。如果他们不这样做,您需要从服务器而不是客户端的浏览器发出POST请求。
#1
1
From your comments I can think that you forgot to enable cors support on your web server/hosting. As you use Dreamhost, you can refer to it's documentation here.
根据您的评论,我可以认为您忘记在您的网络服务器/托管上启用cors支持。当您使用Dreamhost时,可以在此处参考它的文档。
Also as @YPCrumble said in his answer you might want to use up to date fork Django-cors-middleware when you will have working requests.
另外正如@YPCrumble在他的回答中所说,当你有工作请求时,你可能想要使用最新的Django-cors-middleware。
#2
2
Django-cors-headers is an out-of-date repo - the last commit was a year ago. You should be using Django-cors-middleware which is the live fork of that repo.
Django-cors-headers是一个过时的回购 - 最后一次提交是一年前。您应该使用Django-cors-middleware,它是该repo的实时分支。
I don't think there's anything necessarily wrong with your setup, and expect that updating the package will solve your problem. The issue is likely that you're on a new version of Django that isn't supported by the old package.
我认为您的设置没有任何问题,并且期望更新软件包可以解决您的问题。问题可能是您使用旧版本不支持的Django新版本。
EDIT:
Based on the headers in your comment, you also need to add an X-CsrfToken header to your POST request. I believe this type of cross-domain ajax request can yield the misleading CORS error, even though the issue is actually due to lack of CSRF.
根据评论中的标题,您还需要在POST请求中添加X-CsrfToken标头。我相信这种类型的跨域ajax请求可能会产生误导性的CORS错误,即使问题实际上是由于缺乏CSRF。
The above responses work for instance if you're working with a single page application working on a separate port from your app server. However, if this is a cross-origin request to a third party server, you need to make sure that they will support CORS. If they do not, you'll need to make the POST request from your server, not the client's browser.
例如,如果您正在处理与应用服务器位于不同端口上的单个页面应用程序,则上述响应会起作用。但是,如果这是对第三方服务器的跨源请求,则需要确保它们支持CORS。如果他们不这样做,您需要从服务器而不是客户端的浏览器发出POST请求。