Django is not allowed by Access-Control-Allow-Origin

Question

Im new to stack overflow and hope i won't make any mistake for my 1st post.

I get error: Origin ... is not allowed by Access-Control-Allow-Origin.

from what I read in other similar posts, it's a Cross domain issue. But here are the things: case1: when launching my local html file, containing ajax query to a server A, I have no pb. case2: when opening this same kind of html, this time served by a django local server B, then I have a pb.

Can someone explained why case2 is considered as cross domain? server B is on my machine, so why case 2 would not be considered the same as case1?

thanks a lot

some code:

Case1: I reach a server A on my home network through ajax in a html page.

if I build a html page with ajax query like this:

check_user_status = function(userID){
        url = "http://blabla/api" + userID;
        var getting = $.get(url);
        getting.done(function( data ) {
            status = data.result.status;
            $( "#result" ).append( "association... " + status + "<br>");
            if (status!="pending"){
                clearInterval(timer);
                clearTimeout(endRequest);
                get_challenge();
            }
        });
      }

then I can see the request is being sent and I can analyze the json response. In that case I noticed that a GET query has no "origin header" and a similar POST query has origin = file://

This server A is not coded by me and I cannot change it.

Case2: I created a web server B via Django. This web server served a html page with js where same ajax query is present. This time the ajax query to server A is sent but I cannot get the response and the browser raised error:

Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin

I noticed that in that case, the GET origin is set to:

> http://127.0.0.1:8000

since yesterday I tried to play with some middleware apps on django server B side… with no success

hope it clarifies thanks again

Answer 1

SAMPLE REQUEST:

$.ajax({
        url: "http://localhost:8080",
        type: "POST",
        crossDomain: true,
        accept: "application/json",
        contentType: "application/json; charset=UTF-8",
        data: JSON.stringify(jsonObject),
        dataType: "json",
        success: function (response) {
            var resp = JSON.parse(response)
            alert(resp.status);
        },
        error: function (xhr, status) {
            alert(status);
        }
    });

SAMPLE RESPONSE:

import web
import json

class index:

    def OPTIONS(self):
        web.header('Content-Type', 'application/json')
        web.header('Access-Control-Allow-Origin', '*')
        web.header('Access-Control-Allow-Methods', 'POST, GET')
        web.header('Access-Control-Allow-Headers', 'origin, x-csrftoken, content-type, accept')
        return web.data()

    def POST(self):
        web.header('Content-Type', 'application/json')
        web.header('Access-Control-Allow-Origin', '*')


        return json.dumps('{"status" : "success"}')

    def GET(self):
        return json.dumps("{status : 'success'}")