Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

When 'localhost' '127.0.0.1' 'No 'Access-Control-Allow-Origin' header is present on the requested resource'

See original GitHub issue

I used django-cors-headers, and config it.

Backend: Django + django-rest-framework

settings.py

ALLOWED_HOSTS = ['*']
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_ALLOW_ALL = True

python manage.py runserver 0.0.0.0:8000

Frontend: vue + axios I try 3 url to access http://ip:8000/api/xxx http://127.0.0.1:8000/api/xxx http://localhost:8000/api/xxx

When request host is ip(192.168.1.xxx): It worked ok.

When request host is ‘localhost’ or ‘127.0.0.1’: It did not work

XMLHttpRequest cannot load http://127.0.0.1:8000/api/cameras. 
Redirect from 'http://127.0.0.1:8000/api/cameras' to 'http://127.0.0.1:8000/api/cameras/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://localhost:8080' is therefore not allowed access.

Question: Why ‘127.0.0.1’ & ‘localhost’ can not work well, I added CORS_ORIGIN_ALLOW_ALL = True already…

Issue Analytics

State:
Created 6 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

19reactions

adamchainzcommented, Jul 15, 2017

Because browsers send Origin: null for localhost/127.0.0.1, use http://127.0.0.1.xip.io/ instead and all will be fine.

11reactions

Bijiabocommented, Jan 13, 2018

I have tried http://127.0.0.1.xip.io/. It not work.

Top Results From Across the Web

No 'Access-Control-Allow-Origin' header is present on the ...

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Resolve the "No 'Access-Control-Allow-Origin' header" error ...

In the new policy, under Cross-origin resource sharing, turn on CORS. Fill in other settings as needed and choose Create policy.

Reason: CORS header 'Access-Control-Allow-Origin' missing

The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the ...

Access-Control-Allow-Origin header missing

No these are just http requests, am developing locally. I tried putting an explicit origin as well but that didn't work either.

Response to preflight request doesn't pass access control check

... check: No 'Access-Control-Allow-Origin' header is present on the requested resource. ... 'localhost, 127.0.0.1' // 'localhost,localhost:8080,127.0.0.1 ...