1👍
This happens because of Same origin policy.
You need to make AJAX call from same domain where request goes. Or make server-side changes, allowing requests from external domains.
To resolve this you need to make changes in headers at http://domain.com by allowing your external domain in headers:
Access-Control-Allow-Origin: *
Read more
77👍
Antyrat’s answer is not complete.
You have to specify which headers your server allows; in your case Authorization.
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Authorization
- [Django]-Using {% url ??? %} in django templates
- [Django]-Malformed Packet: Django admin nested form can't submit, connection was reset
- [Django]-PHP Frameworks (CodeIgniter, Yii, CakePHP) vs. Django
2👍
Although I upvoted the answer of @Manuel Bitto,
I would like to post another answer which contains a complete Cors Filter that works for me with Apache tomcat 5.x:
public class CorsFilter implements Filter {
public CorsFilter() { }
public void init(FilterConfig fConfig) throws ServletException { }
public void destroy() { }
public void doFilter(
ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletResponse httpServletResponse = (HttpServletResponse)response;
httpServletResponse.addHeader("Access-Control-Allow-Origin", "*");
httpServletResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, OPTIONS, DELETE");
httpServletResponse.addHeader("Access-Control-Allow-Headers", "Authorization");
chain.doFilter(request, response);
}
}
I would suggest to specifically pay attention to the addition of OPTIONS to to the “Access-Control-Allow-Methods” header values.
The reason for doing that is that according to the explanation provided here by Mozilla,
if your request (let’s say POST) contains a special header, or content type (and this is my case), then the XMLHttpRequest object will generate an additional OPTIONS call, which you need to address in your code.
I hope this helps.
- [Django]-How to manually assign imagefield in Django
- [Django]-Django multiple and dynamic databases
- [Django]-In a django model custom save() method, how should you identify a new object?
0👍
The problem was that www.domain.com was seen as different than domain.com.
domain.com worked, but when I used www.domain.com, it detected me as doing requests from a different domain
- [Django]-Sharing models between Django apps
- [Django]-How to make two django projects share the same database
- [Django]-How to use permission_required decorators on django class-based views
0👍
I know this question is older.
But today I ran into same cors issue after adding owin. After number of search on google and trying various solutions. I solved cors issue by adding below
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
For more details please follow the below links. Thanks.
- [Django]-Difference between Django's filter() and get() methods
- [Django]-Django can't find new sqlite version? (SQLite 3.8.3 or later is required (found 3.7.17))
- [Django]-Numeric for loop in Django templates