django-cors-middleware does not work


I've been trying django-cors-middleware for days, but I just cannot figure out how to set it up.
Can anyone tell me what I am doing wrong please?
Below is the test project setting I am using.

  • django-version: 1.10.3
  • python-version: 3.5.2
  • Project Name: cors_test
  • App Name: appone
  • appone/urls.py

    from django.conf.urls import url

    from . import views

    urlpatterns = [
        url(r'^$', views.test_cors, name='test_cors'),
    ]
    
  • appone/views.py

    from django.shortcuts import render

    def test_cors(request):
        return render(request, 'appone/test.html', {})
    
  • appone/templates/appone/test.html

    <html>
        <script type="text/javascript">
    
        var url = 'https://www.google.co.jp/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ';
        var xhr = new XMLHttpRequest();
        xhr.open('GET', url, true);
    
        xhr.onload = function() {
         var responseText = xhr.responseText;
         console.log(responseText);
        };
    
        xhr.onerror = function() {
          console.log('There was an error!');
        };
    
        xhr.send();
        </script>
    
    </html>
    
  • settings.py

    INSTALLED_APPS = [
        'corsheaders',
        'django.contrib.admin',
        'django.contrib.auth',
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'appone'
    ]
    
    
    MIDDLEWARE = [
        'corsheaders.middleware.CorsMiddleware',
        'django.middleware.security.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
    ]
    
    CORS_ORIGIN_ALLOW_ALL = True
    



And that's it! That is every setting, and I ran the server with

    python manage.py runserver

Below is what I get by running the above

  • error from console,

    (index):1 XMLHttpRequest cannot load https://www.google.co.jp/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
    (index):14 There was an error!

  • Request Headers

    :authority:www.google.co.jp
    :method:GET
    :path:/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ
    :scheme:https
    accept:*/*
    accept-encoding:gzip, deflate, sdch, br
    accept-language:ja,en-US;q=0.8,en;q=0.6
    cache-control:no-cache
    origin:http://127.0.0.1:8000
    pragma:no-cache
    referer:http://127.0.0.1:8000/
    user-agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
    x-client-data:CJe2yQEIpbbJAQjEtskBCPucygEIqZ3KAQ==
    
  • Response Headers

    alt-svc:quic=":443"; ma=2592000; v="35,34"
    cache-control:private, max-age=0
    content-encoding:gzip
    content-type:text/html; charset=UTF-8
    date:Mon, 26 Dec 2016 10:48:37 GMT
    expires:-1
    p3p:CP="This is not a P3P policy! See https://www.google.com/support/accounts/answer/151657?hl=en for more info."
    server:gws
    set-cookie:NID=93=Mg89hJyAP7FyVu5AT9RzCWxyPndiWPZdKTDgipYBJhJwEBRXdMLTa5aPOBvLjVW6mwUCY1qSaOnPPIlqMvT2x1VjdoPhdlyK67ufk5bOFJJC9eKaEtfngw2xWBhSTSyI; expires=Tue, 27-Jun-2017 10:48:37 GMT; path=/; domain=.google.co.jp; HttpOnly
    status:200
    x-frame-options:SAMEORIGIN
    x-xss-protection:1; mode=block
    
  • General

    Request URL:https://www.google.co.jp/?gfe_rd=cr&ei=BuxgWJ-_LIyL8QfIgYe4BQ
    Request Method:GET
    Status Code:200 
    Remote Address:216.58.197.195:443
    
1 answer

Alasdair (best answer)

The django-cors-middleware app allows you to control access to your Django app from different domains. It doesn't let you control access to google.co.jp from your Django app. You don't control the headers that google.co.jp returns, so you can't use the middleware to enable CORS.

If the third party does not enable CORS or JSONP, then you can't access it using JavaScript. You'll have to fetch the content in your view instead.
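Fetching the content in the view, as the answer suggests, can be done as in the following added example, which is not code from the answer or from django-cors-middleware. The names `fetch_upstream`, `check_allowed`, `upstream_view`, `ALLOWED_HOSTS`, `UPSTREAM_URL`, `MAX_BYTES` and the `content` template variable are hypothetical; the upstream URL is fixed on the server and checked against an allowlist so the view does not become an open proxy.

```python
import urllib.request
from urllib.parse import urlsplit

# Assumptions: one fixed upstream, chosen server-side. The URL is never taken
# from the request, so the view cannot be turned into an open proxy (SSRF).
ALLOWED_HOSTS = {"www.google.co.jp"}
UPSTREAM_URL = "https://www.google.co.jp/"
MAX_BYTES = 1_000_000  # cap on how much upstream body is read


def check_allowed(url):
    """Raise ValueError unless url is https and its host is allowlisted."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("upstream not allowed: %r" % url)


def fetch_upstream(url, opener=urllib.request.urlopen):
    """Fetch url from the server. No browser is involved, so the same-origin
    policy and the missing Access-Control-Allow-Origin header do not apply."""
    check_allowed(url)
    with opener(url, timeout=5) as resp:
        check_allowed(resp.geturl())  # urlopen follows redirects; re-check
        body = resp.read(MAX_BYTES + 1)
    if len(body) > MAX_BYTES:
        raise ValueError("upstream response too large")
    return body.decode("utf-8", errors="replace")  # assumes UTF-8 content


def upstream_view(request):
    """Hypothetical replacement for the page's view in appone/views.py."""
    # Imported here so fetch_upstream can be exercised without Django installed.
    from django.shortcuts import render
    try:
        content = fetch_upstream(UPSTREAM_URL)
    except (ValueError, OSError):
        content = ""  # upstream refused, unreachable or oversized
    # The template renders {{ content }} instead of issuing the XHR.
    return render(request, "appone/test.html", {"content": content})
```
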