Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

No Access-Control-Allow-Origin in response headers ?

See original GitHub issue

My settings follow:

INSTALLED_APPS = [
    'corsheaders',
]

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',  # at the top of all middlewares
]

CORS_ALLOW_METHODS = [
    'DELETE',
    'GET',
    'OPTIONS',
    'PATCH',
    'POST',
    'PUT',
]
CORS_ALLOW_HEADERS = [
    'accept',
    'accept-encoding',
    'authorization',
    'content-type',
    'dnt',
    'origin',
    'user-agent',
    'x-csrftoken',
    'x-requested-with'
]
CORS_ORIGIN_ALLOW_ALL = True

but I met CORB problem because of the miss of the Access-Control-Allow-Origin

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:13 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
boneyaocommented, May 2, 2020

Python 27 django-cors-headers==3.0.0 django=1.11

It’s ok

use django-cors-headers==2.5.3, ACAO not in response headers.

1reaction
adamchainzcommented, Mar 8, 2020

Browsers send the Origin header in requests, which is what triggers CORS headers like ACAO being sent. Please read the articles listed here: https://github.com/adamchainz/django-cors-headers#about-cors

Read more comments on GitHub >

github_iconTop Results From Across the Web

Reason: CORS header 'Access-Control-Allow-Origin' missing
The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the ...
Read more >
CORS and the Access-Control-Allow-Origin response header
The Access-Control-Allow-Origin header is included in the response from one website to a request originating from another website, and identifies the permitted ...
Read more >
Why does my JavaScript code receive a "No 'Access-Control ...
XMLHttpRequest cannot load http://myApiUrl/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' ...
Read more >
The Access-Control-Allow-Origin Header Explained
Access -Control-Allow-Origin is a CORS header. CORS, or Cross Origin Resource Sharing, is a mechanism for browsers to let a site running at ......
Read more >
3 Ways to Fix the CORS Error — and How the Access-Control ...
Once the browser receives this header information back, it compares the frontend domain with the Access-Control-Allow-Origin value from the ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

AttributeError: 'coroutine' object has no attribute 'has_header' (Django 3.1)

Next page

CORB `application/json` collision