Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

'Access-Control-Allow-Origin' header missing in DRF

See original GitHub issue
django-cors-headers==2.4.0
Django==2.1 
djangorestframework==3.8.2

Deploying
uWSGI == 2.0.17.1
Nginx == 1.14.0

I have already add corsheaders, corsheaders.middleware.CorsMiddleware to the top, CORS_ORIGIN_ALLOW_ALL=True in my project settings. But when I sent request to webserver, I couldn’t find ‘Access-Control-Allow-Origin’ in response headers. image

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:1
  • Comments:15 (7 by maintainers)

github_iconTop GitHub Comments

2reactions
gjostcommented, Feb 5, 2019

FWIW I had this same problem but it looked like I wasn’t testing properly. You have to add the Origin header to the request or it won’t work. (Exampie uses httpie)

$ http -h GET https://example.com/api/accounts/profile/ "Authorization: Token abc123...a1b2c3" "Origin: 012.345.678.9"
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
...

I tried the csrf_exempt trick before discovering the Origin header but it didn’t work for me.

2reactions
talhakabakuscommented, Dec 19, 2018

Facing with the same issue despite have already set both of CORS_ORIGIN_ALLOW_ALL, CORS_ALLOW_CREDENTIALS to True.

p.s. Software Stack:

  • Python 3.7.1
  • django 2.1.4
  • django-cors-headers 2.4.0
Read more comments on GitHub >

github_iconTop Results From Across the Web

'Access-Control-Allow-Origin' header missing in DRF #348
I have already add corsheaders , corsheaders.middleware.CorsMiddleware to the top, CORS_ORIGIN_ALLOW_ALL=True in my project settings.
Read more >
Django Python rest framework, No 'Access-Control-Allow ...
No 'Access-Control-Allow-Origin' header is present on the requested resource..." error in my console. I am using: Chrome Version 57.0.2987.133 ...
Read more >
Reason: CORS header 'Access-Control-Allow-Origin' missing
The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the ...
Read more >
Enabling CORS for a REST API resource - Amazon API Gateway
When you enable CORS by using the AWS Management Console, API Gateway creates an OPTIONS method and attempts to add the Access-Control-Allow-Origin header...
Read more >
Cors header 'access-control-allow-origin' (Django ... - YouTube
Cors header ' access-control-allow-origin ' (Django-cors- headers ) Django Rest framework API Tutorial [15]Features Breakdown with Video Links:1 ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

CORS_ORIGIN_WHITELIST is missing scheme or netloc

Next page

CORS_ALLOW_CREDENTIALS documentation should include a note about cookie samesite settings