所以,我正在使用带有Django 1.11.x的Rest Framework的django-cors-headers,我几乎遵循了一般的建议,然而,我仍然得到x has been blocked by CORS policy: No 'Access-Control-Allow-Origin'标题在您请求的资源上。“正如您所看到的,我已将'corsheaders'添加到INSTALLED_APPS并'corsheaders.middleware.CorsMiddleware'添加到Middleware,并且我已将CORS_ORIGIN_ALLOW_ALL设置为true并{{1}我也提到了白名单选项,但我的理解是,如果CORS_ALLOW_CREDENTIALS设置为true,则不需要白名单。我还CORS_ORIGIN_ALLOW_ALL。是什么?BTW,我已经阅读了django-cors-headers repo上的自述文件。我想知道它为什么不起作用。
pip3 install django-cors-headers我从localhost:5555访问的js文件是:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'corsheaders',
'books.apps.BooksConfig',
]
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
CSRF_TRUSTED_ORIGINS = (
'localhost:5555'
)