我正在尝试使用mod_wsgi和Django设置CORS + HTTPS,但我无法让它工作。
CORS在没有HTTPS / mod_wsgi的情况下正常工作,但在我尝试添加HTTPS / mod_wsgi时停止工作。
对于CORS,我使用Django CORS中间件(https://github.com/zestedesavoir/django-cors-middleware)
我的Django middleware_classes如下:(参见CorsMiddleware和CorsPostCsrfMiddleware)
MIDDLEWARE_CLASSES = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'corsheaders.middleware.CorsPostCsrfMiddleware',
]
我还添加了以下配置:
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
我运行Django / wsgi服务器如下:
python manage.py runmodwsgi --host 0.0.0.0 --port 8001 --https-port 8000 --ssl-certificate-file ../utils/ssl_cert/local.crt --ssl-certificate-key-file ../utils/ssl_cert/local.key --processes 8 --server-name localhost --https-only --reload-on-changes
Successfully ran command.
Server URL : http://localhost:8001/
Server URL (HTTPS) : https://localhost:8000/
Server Root : /tmp/mod_wsgi-0.0.0.0:8001:1000
Server Conf : /tmp/mod_wsgi-0.0.0.0:8001:1000/httpd.conf
Error Log File : /tmp/mod_wsgi-0.0.0.0:8001:1000/error_log (warn)
Request Capacity : 40 (8 processes * 5 threads)
Request Timeout : 60 (seconds)
Startup Timeout : 15 (seconds)
Queue Backlog : 100 (connections)
Queue Timeout : 45 (seconds)
Server Capacity : 85 (event/worker), 70 (prefork)
Server Backlog : 500 (connections)
Locale Setting : en_US.UTF-8
如果我从命令行使用httpie查询HTTPS服务器,它会按预期工作(当然没有CORS问题)。
如果我从我的网络应用程序查询HTTPS服务器,我会收到CORS问题:
OPTIONS https://127.0.0.1:8001/api/v1/auth-token/
XMLHttpRequest cannot load https://127.0.0.1:8001/api/v1/auth-token/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 403.
此外,为mod_wsgi服务器生成的配置似乎没有设置标头以允许CORS
Server Conf : /tmp/mod_wsgi-0.0.0.0:8001:1000/httpd.conf
我是Django的新手,我不确定在哪个级别配置HTTPS的CORS。
我尝试在/etc/apache2/sites-enabled/000-default.conf中配置失败
<VirtualHost *>
Header set Access-Control-Allow-Origin "*"
</VirtualHost>
最佳, 尼古拉斯
答案 0 :(得分:0)
设置/etc/apache2/sites-enabled/000-default.conf不会对mod_wsgi-express起任何作用。它们是完全独立的,mod_wsgi-express忽略任何系统Apache安装配置文件。
如果您在使用mod_wsgi-express时需要添加额外的Apache httpd配置指令,请将其添加到名为extra.conf的文件中,只需:
Header set Access-Control-Allow-Origin "*"
然后运行mod_wsgi-express:
python manage.py runmodwsgi --host 0.0.0.0 --port 8001 --https-port 8000 --ssl-certificate-file ../utils/ssl_cert/local.crt --ssl-certificate-key-file ../utils/ssl_cert/local.key --processes 8 --server-name localhost --https-only --reload-on-changes --include-file extra.conf