Reputation: 2646
Django Rest Framework: XMLHttpRequest cannot load http://127.0.0.1:8000/xyz/api/abc
SOLUTION: Add a trailing slash to the end of the url...
"http://127.0.0.1:8000/xyz/api/abc/" instead of "http://127.0.0.1:8000/xyz/api/abc"
....
I have successfully created a Django Rest API and am able to store and host data locally it seems. I have built an angularjs1.0 app separately and am attempting to extract the data via $http get request however I'm running into this error:
XMLHttpRequest cannot load http://127.0.0.1:8000/xyz/api/abc. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://172.20.9.163:8080' is therefore not allowed access.
I have attempted to install CORS and have added it to my INSTALLED_APPS, yet nothing seems to be working yet.
This is the get request:
getABC : function() {
$http({
method: 'GET',
url: 'http://127.0.0.1:8000/xyz/api/abc',
cache: false
}).success(function(data) {
console.log(data)
callback(data);
});
},
Here's a look at my Django settings.py file:
INSTALLED_APPS = (
'xyz',
'corsheaders',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
CORS_ORIGIN_ALLOW_ALL = True
Upvotes: 3
Views: 5417
Answers (2)
Reputation: 1807
Install django-crops-headers
pip install django-cors-headers
In setting.py:
MIDDLEWARE = [
#...
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
]
INSTALLED_APPS = [
'corsheaders',
#...
]
Set CORS_ORIGIN_ALLOW_ALL is True
CORS_ORIGIN_ALLOW_ALL = True # this allows all domains
Or to allow specific domains
CORS_ORIGIN_WHITELIST = (
'http://example.com',
'http://127.0.0.1:8000',
'http://localhost:8000',
)
In Ajax call(front end) add headers:
var get_request = $.ajax({
type: 'GET',
"headers": {
"accept": "application/json",
"Access-Control-Allow-Origin":"*"
},
url: 'http://example.com',
});
If it is not solved, You should enable the core in requesting server(http://example.com)
Upvotes: 0
Reputation: 15240
TL;DR
Issue your AJAX request to a slash-appended URL.
Explanation
After our discussion, it appears that the culprit is Django's automatic APPEND_SLASH = True which is enabled when CommonMiddleware is enabled.
This causes the AJAX request from your Angular app to first hit a 301 Moved Permanently redirect to the slash-appended URL. However, the corsheaders middleware does not act on this response, so the browser complains about a missing Access-Control-Allow-Origin header.
This is solved by requesting the slash-appended URL directly, and bypassing the 301 redirect altogether.
$http({
method: 'GET',
url: 'http://127.0.0.1:8000/xyz/api/abc/', // trailing slash here
cache: false
}).success(...);
Upvotes: 11
Related Questions
- CORS policy blocks XMLHttpRequest
- Django CORS issue: access-control-allow-origin is not allowed
- Django response giving CORS error for an AJAX request
- Angular app can't read Django Rest Framework API because of CORS issue
- API request from Angular App to Django REST API - blocked by CORS
- Django-rest cross origin request fails
- Getting CORS (Cross-Origin...) error when using python flask-restful with consuming AngularJS (using $http)
- Django Angular cors error: access-control-allow-origin not allowed
- CORS with django and angularjs
- Django is not allowed by Access-Control-Allow-Origin