No Access-Control-Allow-Origin in response headers ?
See original GitHub issueMy settings follow:
INSTALLED_APPS = [
'corsheaders',
]
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware', # at the top of all middlewares
]
CORS_ALLOW_METHODS = [
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
]
CORS_ALLOW_HEADERS = [
'accept',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with'
]
CORS_ORIGIN_ALLOW_ALL = True
but I met CORB
problem because of the miss of the Access-Control-Allow-Origin
Issue Analytics
- State:
- Created 4 years ago
- Comments:13 (4 by maintainers)
Top Results From Across the Web
Reason: CORS header 'Access-Control-Allow-Origin' missing
The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the ...
Read more >CORS and the Access-Control-Allow-Origin response header
The Access-Control-Allow-Origin header is included in the response from one website to a request originating from another website, and identifies the permitted ...
Read more >Why does my JavaScript code receive a "No 'Access-Control ...
XMLHttpRequest cannot load http://myApiUrl/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' ...
Read more >The Access-Control-Allow-Origin Header Explained
Access -Control-Allow-Origin is a CORS header. CORS, or Cross Origin Resource Sharing, is a mechanism for browsers to let a site running at ......
Read more >3 Ways to Fix the CORS Error — and How the Access-Control ...
Once the browser receives this header information back, it compares the frontend domain with the Access-Control-Allow-Origin value from the ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Python 27 django-cors-headers==3.0.0 django=1.11
It’s ok
use django-cors-headers==2.5.3, ACAO not in response headers.
Browsers send the
Origin
header in requests, which is what triggers CORS headers like ACAO being sent. Please read the articles listed here: https://github.com/adamchainz/django-cors-headers#about-cors