django-cors-middleware does not work

Question

I've been trying django-cors-middleware for days, but I just cannot figure out how to set it up.
Can anyone tell me what I am doing wrong please?
Below is the test project setting I am using.

• django-version: 1.10.3
• python-version: 3.5.2
• Project Name: cors_test
• App Name: appone

• appone/urls.py

  urlpatterns = [
      url(r'^$', views.test_cors, name='test_cors'),
  ]
  

• appone/views.py

  def test_cors(request):
      return render(request, 'appone/test.html', {})
  

• appone/templates/appone/test.html

  <html>
      <script type="text/javascript">
  
      var url = 'https://www.google.co.jp/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ';
      var xhr = new XMLHttpRequest();
      xhr.open('GET', url, true);
  
      xhr.onload = function() {
       var responseText = xhr.responseText;
       console.log(responseText);
      };
  
      xhr.onerror = function() {
        console.log('There was an error!');
      };
  
      xhr.send();
      </script>
  
  </html>
  

• settings.py

  INSTALLED_APPS = [
      'corsheaders',
      'django.contrib.admin',
      'django.contrib.auth',
      'django.contrib.contenttypes',
      'django.contrib.sessions',
      'django.contrib.messages',
      'django.contrib.staticfiles',
      'appone'
  ]
  
  
  MIDDLEWARE = [
      'corsheaders.middleware.CorsMiddleware',
      'django.middleware.security.SecurityMiddleware',
      'django.contrib.sessions.middleware.SessionMiddleware',
      'django.middleware.common.CommonMiddleware',
      'django.middleware.csrf.CsrfViewMiddleware',
      'django.contrib.auth.middleware.AuthenticationMiddleware',
      'django.contrib.messages.middleware.MessageMiddleware',
  ]
  
  CORS_ORIGIN_ALLOW_ALL = True
  

And that's it! That is every setting, and I ran server by

python manage.py runserver

---

Below is what I get by running above

• error from console,

(index):1 XMLHttpRequest cannot load https://www.google.co.jp/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
(index):14 There was an error!

• Request Headers

  :authority:www.google.co.jp
  :method:GET
  :path:/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ
  :scheme:https
  accept:*/*
  accept-encoding:gzip, deflate, sdch, br
  accept-language:ja,en-US;q=0.8,en;q=0.6
  cache-control:no-cache
  origin:http://127.0.0.1:8000
  pragma:no-cache
  referer:http://127.0.0.1:8000/
  user-agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
  x-client-data:CJe2yQEIpbbJAQjEtskBCPucygEIqZ3KAQ==
  

• Response Headers

  alt-svc:quic=":443"; ma=2592000; v="35,34"
  cache-control:private, max-age=0
  content-encoding:gzip
  content-type:text/html; charset=UTF-8
  date:Mon, 26 Dec 2016 10:48:37 GMT
  expires:-1
  p3p:CP="This is not a P3P policy! See https://www.google.com/support/accounts/answer/151657?hl=en for more info."
  server:gws
  set-cookie:NID=93=Mg89hJyAP7FyVu5AT9RzCWxyPndiWPZdKTDgipYBJhJwEBRXdMLTa5aPOBvLjVW6mwUCY1qSaOnPPIlqMvT2x1VjdoPhdlyK67ufk5bOFJJC9eKaEtfngw2xWBhSTSyI; expires=Tue, 27-Jun-2017 10:48:37 GMT; path=/; domain=.google.co.jp; HttpOnly
  status:200
  x-frame-options:SAMEORIGIN
  x-xss-protection:1; mode=block
  

• General

  Request URL:https://www.google.co.jp/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ
  Request Method:GET
  Status Code:200 
  Remote Address:216.58.197.195:443
  

Answer 1

The django-cors-middleware app allows you to control access to your Django app from different domains. It doesn't let you control access to google.co.jp from your Django app. You don't control the headers that google.co.jp returns, so you can't use the middleware to enable cors.

If the third party does not enable cors or jsonp, then you can't access it using javascript. You'll have to fetch the content in your view instead.