Django CORS API by AngularJS

I have included CORS in Django using django-cors:

https://github.com/ottoyiu/django-cors-headers

After completing the installation steps here, I installed the following:

CORS_ORIGIN_ALLOW_ALL = False

CORS_ORIGIN_WHITELIST = (
    'http://localhost:8000'
)

Django application runs on http: // locahost: 3000

My interface is an Angular application that runs on "http: / localhost: 8000", and I made the following changes to communicate with the django application.

RestangularProvider.setBaseUrl('http://localhost:3000/');

[Use of alternative resource APIs]

When I call the GET API, a β€œOPTIONS” call is made and I get the following error:

XMLHttpRequest http://localhost:3000/users. "", "Access-Control-Allow-Credentials" ". " ", . http://localhost:8000 ', , .

, , , . , :   RestangularProvider.setDefaultHeaders({ "x-request-with": 'XMLHttpRequest'});

, : XMLHttpRequest http://localhost:3000/users. ()

. / :

General:
Remote Address:127.0.0.1:3000
Request URL:http://localhost:3000/users
Request Method:OPTIONS
Status Code:301 MOVED PERMANENTLY

Response Headers
Access-Control-Allow-Headers:x-requested-with, content-type, accept, origin, authorization, x-csrftoken, user-agent, accept-encoding
Access-Control-Allow-Methods:GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin:http://localhost:8000
Access-Control-Max-Age:86400
Content-Type:text/html; charset=utf-8
Date:Thu, 17 Dec 2015 11:10:16 GMT
Location:http://localhost:3000/users/
Server:WSGIServer/0.1 Python/2.7.10
X-Frame-Options:SAMEORIGIN

Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, x-requested-with
Access-Control-Request-Method:GET
Cache-Control:no-cache
Connection:keep-alive
Host:localhost:3000
Origin:http://localhost:8000
Pragma:no-cache
Referer:http://localhost:8000/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
+4
4

. API.

API :

url(r'^users/', views.user_details)

"/users", - django APPEND_SLASH "/users/". django APPEND_SLASH:

, URL- URLconf, , HTTP URL- . , , POST.

APPEND_SLASH , CommonMiddleware  .

, ( ) - URL- API, , ..

url(r'^users', views.user_details)

URL- , .

, - API, , AngularJS:

resourceProvider.defaults.stripTrailingSlashes = false;
RestangularProvider.setRequestSuffix('/'); 

, , , , .

+7

, , , django-cors ( URL) django,

Example:

    CORS_ORIGIN_WHITELIST = (
        'google.com',
        'hostname.example.com'
    )


Default:

    CORS_ORIGIN_WHITELIST = ()

, , localhost, , , , ?

0

CORS , $httpProvider.defaults.withCredentials = true; angular. , , , .

just add this code to the Django apache configuration file, it can be a httpd.conf file (usually located in a * .conf file, for example httpd.conf or apache.conf) or inside .htaccess. then just add this code

<IfModule mod_headers.c>
SetEnvIf Origin (.*) AccessControlAllowOrigin=$1
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials true
</IfModule> 

or if their embedded code, then find the folder directory in this file and only this code in it

SetEnvIf Origin (.*) AccessControlAllowOrigin=$1
    Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    Header set Access-Control-Allow-Credentials true

and also you need to change the configuration of the angular application with the following

angular.module('app', ['ngCookies'])
    .config([
   '$httpProvider',
   '$interpolateProvider',
   function($httpProvider, $interpolateProvider, $scope, $http) {
       $httpProvider.defaults.withCredentials = true;
       $httpProvider.defaults.xsrfCookieName = 'csrftoken';
       $httpProvider.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded';
   }]).
   run([
   '$http',
   '$cookies',
   function($http, $cookies) {
       $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;
   }]);
0
source

Source: https://habr.com/ru/post/1620530/


All Articles