I've been trying django-cors-middleware for days, but I just cannot figure out how to set it up.
Can anyone tell me what I am doing wrong please?
Below is the test project setting I am using.
- django-version: 1.10.3
- python-version: 3.5.2
- Project Name: cors_test
- App Name: appone
appone/urls.py
urlpatterns = [ url(r'^$', views.test_cors, name='test_cors'), ]
appone/views.py
def test_cors(request): return render(request, 'appone/test.html', {})
appone/templates/appone/test.html
<html> <script type="text/javascript"> var url = 'https://www.google.co.jp/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ'; var xhr = new XMLHttpRequest(); xhr.open('GET', url, true); xhr.onload = function() { var responseText = xhr.responseText; console.log(responseText); }; xhr.onerror = function() { console.log('There was an error!'); }; xhr.send(); </script> </html>
settings.py
INSTALLED_APPS = [ 'corsheaders', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'appone' ] MIDDLEWARE = [ 'corsheaders.middleware.CorsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', ] CORS_ORIGIN_ALLOW_ALL = True
And that's it! That is every setting, and I ran server by
python manage.py runserver
Below is what I get by running above
- error from console,
(index):1 XMLHttpRequest cannot load https://www.google.co.jp/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
(index):14 There was an error!
Request Headers
:authority:www.google.co.jp :method:GET :path:/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ :scheme:https accept:*/* accept-encoding:gzip, deflate, sdch, br accept-language:ja,en-US;q=0.8,en;q=0.6 cache-control:no-cache origin:http://127.0.0.1:8000 pragma:no-cache referer:http://127.0.0.1:8000/ user-agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 x-client-data:CJe2yQEIpbbJAQjEtskBCPucygEIqZ3KAQ==
Response Headers
alt-svc:quic=":443"; ma=2592000; v="35,34" cache-control:private, max-age=0 content-encoding:gzip content-type:text/html; charset=UTF-8 date:Mon, 26 Dec 2016 10:48:37 GMT expires:-1 p3p:CP="This is not a P3P policy! See https://www.google.com/support/accounts/answer/151657?hl=en for more info." server:gws set-cookie:NID=93=Mg89hJyAP7FyVu5AT9RzCWxyPndiWPZdKTDgipYBJhJwEBRXdMLTa5aPOBvLjVW6mwUCY1qSaOnPPIlqMvT2x1VjdoPhdlyK67ufk5bOFJJC9eKaEtfngw2xWBhSTSyI; expires=Tue, 27-Jun-2017 10:48:37 GMT; path=/; domain=.google.co.jp; HttpOnly status:200 x-frame-options:SAMEORIGIN x-xss-protection:1; mode=block
General
Request URL:https://www.google.co.jp/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ Request Method:GET Status Code:200 Remote Address:216.58.197.195:443
The
django-cors-middleware
app allows you to control access to your Django app from different domains. It doesn't let you control access to google.co.jp from your Django app. You don't control the headers that google.co.jp returns, so you can't use the middleware to enable cors.If the third party does not enable cors or jsonp, then you can't access it using javascript. You'll have to fetch the content in your view instead.