I am getting the following error message when I try to access my endpoints.
Request header field X-FirePHP-Version is not allowed by Access-Control-Allow-Headers in preflight response.
This is how my settings.py file looks
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'api.apps.ApiConfig',
'django_server',
'corsheaders', # For Cross-Origin Resource Sharing
]
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = False
If you have additional headers that are going to be in your requests to a CORS enabled server, you should specify those in the CORS_ALLOW_HEADERS django-cors setting. This should solve it, but I would double check to make sure those headers are supposed to be there.
# In your project's settings.py
CORS_ALLOW_HEADERS = (
'x-requested-with',
'content-type',
'accept',
'origin',
'authorization',
'x-csrftoken',
'x-firephp-version', # Added to default list
)
# more settings...
Under the hood this simply sets the Access-Control-Request-Headers header on your server's responses.
Related
I have a django application which is hosted in IIS (with custom URL) and its front end is hosted in Angular. The front end is showing corse related error so i tried to resolve that by adding 'corseheaders' in settings.py of my backend code. After that when i tried to access the API (by clicking the hosted URL in IIS) the following error is showing in the browser.
Error occurred while reading WSGI handler:
Traceback (most recent call last):
File "D:\TESTAPP\API\venv\Lib\site-packages\wfastcgi.py", line 791, in main
env, handler = read_wsgi_handler(response.physical_path)
Following is the changes i have done in the settings.py of my backend(django). Actually i have added the last line with "corsheaders". if its removed the error is gone.
ALLOWED_HOSTS = ['*']
CORS_ORIGIN_ALLOW_ALL = True
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'survey_app.apps.SurveyAppConfig',
'corsheaders',
]
Can you guys please help me out.
The frontend showing corse related errors is due to your frontend not being on the same domain as your Django API/backend, so all Django responses need to contain CORS related headers. This article is about Cross-Origin Resource Sharing (CORS).
On how to use django-cors-headers to solve cross-domain problems, you can refer to the following steps:
1.Install the package using pip:
pip install django-cors-headers
2.Add "corseheaders" to settings.py:
INSTALLED_APPS = (
……
'corsheaders',
……
)
3.Add middleware:
MIDDLEWARE = [
...
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
...
]
4.Add the following configuration in settings.py:
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
CORS_ORIGIN_WHITELIST = (
'*'
)
CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
'VIEW',
)
CORS_ALLOW_HEADERS = (
'XMLHttpRequest',
'X_FILENAME',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
'Pragma',
)
For more detailed configuration, please refer to the official documentation.
I am studing the djanto multi-tenant package (https://github.com/django-tenants/django-tenants).
When i try to access the main page (landing page) at http://127.0.0.1:8000/, I got the following message:
Page not found (404)
Request Method: GET
Request URL: http://127.0.0.1:8000/
Raised by: core.views.home
No tenant for hostname "127.0.0.1"
You're seeing this error because you have DEBUG = True in your Django settings file. Change that to
False, and Django will display a standard 404 page.
How do I get the landing page to show correctly?
URL FILE
from core.views import home
urlpatterns = [
path('admin/', admin.site.urls),
path('', home, name='home'),
] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
THE VIEW OF LANDINGPAGE
from django.shortcuts import render
def home(request):
return render(request, 'core/index.html')
PARTIAL SETTINGS FILES
DEBUG = True
ALLOWED_HOSTS = ['*']
# Application definition
SHARED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django_tenants',
'customer',
'core', //landing page
]
TENANT_APPS = [
# The following Django contrib apps must be in TENANT_APPS
'django.contrib.contenttypes',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.sessions',
'django.contrib.messages',
# your tenant-specific apps
'myclientapp',
]
INSTALLED_APPS = list(set(SHARED_APPS + TENANT_APPS))
Thank you very much!
The issue there is with the Django Tenants middleware. By default, django_tenants will show a Page 404 error if you go to a tenant that does not exist. You can change this behavior by over-modifying the middleware and having your own local copy or (the easiest solution) you can just provide a default case by adding SHOW_PUBLIC_IF_NO_TENANT_FOUND = True in your project's settings.py file. This will route to the public schema hence other url routes will work as they should.
I have a Django(v2.2) project hosted on an url which looks like
https://some.example.com/mypath/ which has an API endpoint at blog/create.
I need to make a POST request from https://some.example.com/anotherpath/ofmine/ (using axios), but that gives me a 301 error with the following messages in Firefox 71.0:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://some.example.com/mypath/blog/create/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://some.example.com/mypath/blog/create/. (Reason: CORS request did not succeed).
However, I can easily make the same requests to a dev server hosted locally.
Relevant settings:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'rest_framework_docs',
'corsheaders',
'django_extensions',
...
]
USE_X_FORWARDED_HOST = True
FORCE_SCRIPT_NAME = '/mypath'
CORS_ORIGIN_ALLOW_ALL = True
What could be the reason and possible workarounds for the error?
According to the django-cors-headers docs, you need to set the CORS_ORIGIN_WHITELIST to include your endpoint(s), or set CORS_ORIGIN_ALLOW_ALL to True to allow all hosts (not recommended for production though).
Stupid mistake. some.example.com redirects to www.some.example.com so I'd been trying to access APIs at some.example.com (which doesn't exist, hence the 301) from www.some.example.com. Prefixed the www on the request url and it's working fine; I don't even need CORS headers, of course.
I'm trying to retrieve the json from the rest api set up using Django.
This data is currently only hosted on: http://127.0.0.1:8000/xyz
When I try to retrieve it using
$http({
method: 'GET',
url: 'http://127.0.0.1:8000/xyz',
})
I get an error that is:
XMLHttpRequest cannot load http://127.0.0.1:8000/xyz. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8080' is therefore not allowed access.
Can someone tell me a way of dealing with this, please?
Thanks!
Here's my Django settings folder:
INSTALLED_APPS = (
'student',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'corsheaders'
)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware'
)
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
CORS_URLS_REGEX = r'^/api.*$'
CORS_ORIGIN_WHITELIST = (
'mydomain',
'localhost:3000',
'http://127.0.0.1:8000/'
)
Look into using django-cors-headers to have Django return the proper headers. You can then create a whitelist for your site (http://127.0.0.1:8080 for development and whatever your final domain for production)
I use the following on my settings for a similar setup:
INSTALLED_APPS += ('corsheaders',)
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
CORS_URLS_REGEX = r'^/api.*$'
CORS_ORIGIN_WHITELIST = (
'mydomain',
'localhost:3000',
)
You may also need to add the following to your Angular project:
$http.defaults.useXDomain = true;
[UPDATE]
See this blog for more details
Apart from the changes in settings.py, please try to add a slash at the end of the url you are calling
$http({
method: 'GET',
- url: 'http://127.0.0.1:8000/xyz',
+ url: 'http://127.0.0.1:8000/xyz/',
})
I have installed django-allauth, after that this is my settings.py
Django_apps = (
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
# 'django.contrib.admindocs',
)
Third_party_apps = (
'avatar',
'allauth',
'allauth.account',
'allauth.socialaccount',
'bootstrapform',
'allauth.socialaccount.providers.github',
'allauth.socialaccount.providers.twitter',
)
My_apps = ()
INSTALLED_APPS = Django_apps + Third_party_apps + My_apps
TEMPLATE_CONTEXT_PROCESSORS = (
'django.contrib.auth.context_processors.auth',
"django.core.context_processors.request",
"allauth.account.context_processors.account",
"allauth.socialaccount.context_processors.socialaccount",
)
AUTHENTICATION_BACKENDS = (
"django.contrib.auth.backends.ModelBackend",
"allauth.account.auth_backends.AuthenticationBackend",
)
ACCOUNT_ADAPTER ="allauth.account.adapter.DefaultAccountAdapter"
ACCOUNT_AUTHENTICATION_METHOD = "username_email"
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = "optional"
ACCOUNT_USERNAME_MIN_LENGTH = 3
and i believe i also correctly set my urls.py. And also i have two Social app from django admin with correct twitter and github api keys and secrets.
But then problem is whenever i click to login via twitter it shows me the correct twitter auth page and after i authorize the app it gives me this error..
<allauth.socialaccount.models.SocialLogin object at 0x7feb5875a650> is not JSON serializable
and also i get almost the same error with github. like
<allauth.socialaccount.models.SocialLogin object at 0x7feb5877a590> is not JSON serializable
, So please help me to understand what's the problem
In Django 1.6 you have to change the SESSION_SERIALIZER parameter to pickle. Put this in your settings.py:
SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer'
I don't know when allauth will become compatible with this new Django serialization format. See Django 1.6 release notes.