Question

我正在使用django的spotify API / spotipy，并且需要用户登录他们的帐户才能访问他们的数据。我用过＃34; pip3安装django-cors-headers＆＃34;并将相应的部分添加到settings.py。

#settings.py
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'jazz_stuff.apps.JazzStuffConfig',
'corsheaders',
]

MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

CORS_ORIGIN_ALLOW_ALL = True

CSRF_TRUSTED_ORIGINS = (
    'localhost:8000',
)

#views.py
def callSpotify(request):
if request.method == 'POST':
    if request.is_ajax():
        sp_oauth = oauth2.SpotifyOAuth( SPOTIPY_CLIENT_ID, SPOTIPY_CLIENT_SECRET,SPOTIPY_REDIRECT_URI, scope=SCOPE,cache_path=CACHE)
        url = sp_oauth.get_authorize_url()
        return HttpResponseRedirect(url)
return None

即使这样，我仍然会收到有关错过access-control-allow-origin标头的错误，并且spotify登录页面无法打开。

jquery.min.js：2 XHR已完成加载：GET＆＃34; http://localhost:8000/callSpotify/＆＃34;。

（index）：1无法加载https://accounts.spotify.com/authorize?client_id=14c8a7dfd5804fb5994243e69bb7606f&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcallback%2F&scope=user-modify-playback-state+user-top-read&show_dialog=True：对预检请求的响应未通过访问控制检查：否＆＃39; Access-Control-Allow-Origin＆＃39;标头出现在请求的资源上。起源＆＃39; http://localhost:8000＆＃39;因此不允许访问。

XHR已完成加载：OPTIONS＆＃34; https://accounts.spotify.com/authorize?client_id=14c8a7dfd5804fb5994243e69bb7606f&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcallback%2F&scope=user-modify-playback-state+user-top-read&show_dialog=True＆＃34;。

我该如何处理，以免我发现错误？

编辑：添加标题

一般

Request URL: https://accounts.spotify.com/authorize?client_id=14c8a7dfd5804fb5994243e69bb7606f&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcallback%2F&scope=user-modify-playback-state+user-top-read&show_dialog=True
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: 104.154.127.47:443
Referrer Policy: no-referrer-when-downgrade

响应标头

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Date: Wed, 14 Mar 2018 06:31:56 GMT
Keep-Alive: timeout=600
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge

请求

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,fr;q=0.8
Access-Control-Request-Headers: x-csrftoken,x-requested-with
Access-Control-Request-Method: GET
Connection: keep-alive
Host: accounts.spotify.com
Origin: http://localhost:8000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36

Answer 1

尝试将这些行添加到settings.py

# Corsheaders settings
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_WHITELIST = (
    '*'
)

试试这个......

django-cors-headers与spotify无法正常工作

1 个答案: