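Configuring Django REST framework CORS headers
My application tries to read a file from an external storage service and receives the response:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at . Reason: CORS header "Access-Control-Allow-Origin" missing. Forbidden 403
Django settings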
INSTALLED_APPS = [
    ...
    'rest_framework',
    "corsheaders",
]
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'allauth.account.middleware.AccountMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.common.CommonMiddleware',
]
CORS_ALLOWED_ORIGINS = [
    'http://myapp.site',  # no SSL cert
]
CORS_ALLOW_CREDENTIALS = True
CORS_ALLOW_METHODS = (
    "DELETE",
    "GET",
    "OPTIONS",
    "PATCH",
    "POST",
    "PUT",
    "HEAD",
)
Response in developer tools
XHR HEAD <EXTERNAL_LINK>
CORS Missing Allow Origin

HEAD <EXTERNAL_LINK>
Status: 403
Version: HTTP/2
Referrer policy: strict-origin-when-cross-origin

content-length: 15
content-type: application/octet-stream
date: Tue, 30 Apr 2024 16:46:05 GMT
server: nginx
X-Firefox-Spdy: h2

Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Host: <DOMAIN_EXTERNAL_LINK>
Origin: http://myapp.site
Referer: http://myapp.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0
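Please help me solve the problem.

The allowed origins list contains only your application's site link; you also need to add the external storage service domain to the allowed origins list.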
CORS_ALLOWED_ORIGINS = [
    ...,
    <DOMAIN_EXTERNAL_LINK>,
    ...,
]
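
The browser check behind the "CORS Missing Allow Origin" message in the capture above, as an added example that is not part of the original question or answer. It is a simplified model of the Fetch standard's CORS check, run against the headers of the response the browser received; `cors_read_allowed`, `header` and the header dictionaries are names and sample data constructed for illustration.

```python
# Added example: simplified model of the browser's CORS check (Fetch standard).
# Header dictionaries are constructed from the values shown in the capture.

def header(headers, name):
    """Case-insensitive header lookup; returns None when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None


def cors_read_allowed(request_origin, response_headers, credentials=False):
    """Return (allowed, reason) for a cross-origin read of this response."""
    allow_origin = header(response_headers, "Access-Control-Allow-Origin")
    if allow_origin is None:
        return False, "CORS Missing Allow Origin"
    if allow_origin == "*":
        if credentials:
            return False, "wildcard not accepted for credentialed requests"
        return True, "wildcard origin"
    if allow_origin != request_origin:
        return False, "allowed origin does not match request Origin"
    if credentials:
        allow_creds = header(response_headers, "Access-Control-Allow-Credentials")
        if allow_creds != "true":
            return False, "Access-Control-Allow-Credentials is not 'true'"
    return True, "origin matches"


ORIGIN = "http://myapp.site"  # Origin request header from the capture

# Response headers as captured: no Access-Control-* header is present.
CAPTURED = {
    "content-length": "15",
    "content-type": "application/octet-stream",
    "server": "nginx",
}

# Constructed variants: the same response with CORS headers added by the server.
WITH_ORIGIN = {**CAPTURED, "Access-Control-Allow-Origin": ORIGIN}
WITH_WILDCARD = {**CAPTURED, "Access-Control-Allow-Origin": "*"}
WITH_CREDS = {**WITH_ORIGIN, "Access-Control-Allow-Credentials": "true"}

if __name__ == "__main__":
    cases = [("captured", CAPTURED), ("origin", WITH_ORIGIN),
             ("wildcard", WITH_WILDCARD), ("origin+creds", WITH_CREDS)]
    for label, hdrs in cases:
        for creds in (False, True):
            print(label, f"credentials={creds}", cors_read_allowed(ORIGIN, hdrs, creds))
```

`CORS_ALLOWED_ORIGINS` and `CORS_ALLOW_CREDENTIALS` in django-cors-headers set these headers on responses served by the Django application.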