The DOCS for Django Cors Headers, https://pypi.org/project/django-cors-headers/ ,
clearly states that CORS_ALLOWED_ORIGINS
:
Previously this setting was called
CORS_ORIGIN_WHITELIST
, which still works as an alias, with the new name taking precedence.
From the code if I use CORS_ORIGIN_WHITELIST
my requests go through, but if I use CORS_ALLOWED_ORIGINS
, while commenting out CORS_ORIGIN_WHITELIST
, my requests are blocked. In my options request I am not getting any response and the subsequent POST request is blocked.
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
#APPS
....
#ADDL FRAMEWORKS
'corsheaders',
'rest_framework',
'oauth2_provider',
'django_extensions',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_WHITELIST = [
'http://127.0.0.1:3000',
'http://localhost:3000'
]
# CORS_ALLOWED_ORIGINS = [
# 'http://127.0.0.1:3000',
# 'http://localhost:3000',
# ]
CORS_ALLOW_METHODS = [
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
]
CORS_ALLOW_HEADERS = [
'accept',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
]
It is a VERSION mistake. The
CORS_ORIGIN_WHITELIST
was changed toCORS_ALLOWED_ORIGIN
in version3.5.0
, while it would seem that i am running an older version.