"No 'Access-Control-Allow-Origin' header is present on the requested resource" in django

I am newbie to django and using it as back end for an application that creates users. In front end the code for posting the user name is :

var xobj = new XMLHttpRequest();
              xobj.overrideMimeType("application/json");
              xobj.open('POST', "http://www.local:8000/create_user/", true);
                xobj.setRequestHeader("Access-Control-Allow-Origin", "*");
              xobj.onreadystatechange = function () {
                  if (xobj.readyState == 4 && xobj.status == "200") {
                      console.log(xobj.responseText);
                  }
            }
              xobj.send(json);    

On back end the function associated with url handles json but i am getting the error "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.local:54521' is therefore not allowed access". What is the solution for this problem? Also I have followed the steps from "https://gist.github.com/strogonoff/1369619", but problem persists.

Solution 1:

Here's what I did when I got the same error from Django Rest Framework while sending an API request from Restangular. What this does is add CORS (Cross-Origin Resource Sharing) headers to responses from Django Rest Framework. Not having CORS headers was the cause of the error.

In the Django Project root folder (where the manage.py file is located), do:

pip install django-cors-headers

I tried it using virtualenv but was not able to get it to work, so I installed it without switching to virtualenv and got it installed.

After installing it, you have to make some edits to your django settings.py

INSTALLED_APPS = (
    ...
    'corsheaders',
    ...
)

MIDDLEWARE_CLASSES = (
    ...
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
)

CORS_ORIGIN_ALLOW_ALL = True   

Setting above to true allows all origins to be accepted.

References: https://github.com/ottoyiu/django-cors-headers

Solution 2:

In my case, I had simply forgotten to add a trailing slash at the end of the REST API URL. ie, I had this:

http://127.0.0.1:8000/rest-auth/login

Instead of this:

http://127.0.0.1:8000/rest-auth/login/

Solution 3:

Your front and back end are on different ports which means your ajax requests are subject to cross origin security.

You need to set up the back end to accept requests from different origins (or just different port numbers).

Try reading up on CORS and more specifically looking at django cors headers

Solution 4:

If using django for backend, you need to do the following 6 things:

• ensure you are in the virtualenv, then 'pip install django-cors-headers'

• add the following in your INSTALLED-APPS section of the settings.py: 'corsheaders',

• add the following in the MIDDLEWARE section of the settings.py: 'corsheaders.middleware.CorsMiddleware',
  'django.middleware.common.CommonMiddleware',

• add either of the following at the bottom of the settings.py:
  CORS_ORIGIN_ALLOW_ALL = True or
  

  CORS_ORIGIN_WHITELIST = [
  'http://localhost:3000',
  'http://127.0.0.1:3000'
  ]
  

• When using CORS_ORIGIN_WHITELIST, use the URL of the front end app where the GET Or POST request is coming from.

• Another gotcha is ensuring the URL pointing to django ends with a trailing slash.

Solution 5:

If django-cors-headers not resolved the problem try manual add Access-Control-Allow-Origin like this:

@api_view(['GET'])
def swanger(request):
  resutl = {'a': 1}
  resp = JsonResponse(resutl)
  resp['Access-Control-Allow-Origin'] = '*'
  return resp