I'm attempting to use django-cors-middleware to allow cross-origin resource sharing in my Django-based API hosted on Heroku. I've followed the setup specified in my settings.py
, namely:
INSTALLED_APPS = [
...
'corsheaders',
]
MIDDLEWARE_CLASSES = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
(I show 'django.middleware.clickjacking.XFrameOptionsMiddleware'
because I read in another SO post that django-cors-middleware
doesn't work with clickjacking
middleware, but it doesn't seem to work either way.)
I'm using https://resttesttest.com to test. When I make the request it spits out: Oh no! Javascript returned an HTTP 0 error. One common reason this might happen is that you requested a cross-domain resource from a server that did not include the appropriate CORS headers in the response
@ChirdeepTomar, yes this worked when testing locally. I'm unsure why it didn't work with resttesttest.com. There is a fantastic applet for testing CORS locally that I found here, and have reproduced below for convenience: