[Django]-The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute

0👍

by default django dose not allow Access-Control-Allow-Origin for all domains you should add a MIDDLEWARE_CLASSES to do this .

class AccessControl(object):
    def process_request(self, request):

        if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
            response = http.HttpResponse()
            response["Access-Control-Allow-Origin"]= "*"
            response["Access-Control-Allow-Credentials"] = "true"
            response["Access-Control-Allow-Methods"]= "GET,HEAD,OPTIONS,POST,PUT"
            response["Access-Control-Allow-Headers"] = "Authentication , Authorization , X-CSRF-Token , Access-Control-Allow-Credentials , Access-Control-Allow-Methods , Access-Control-Allow-Origin , Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers"

            return response

        return None

then in setting.py

MIDDLEWARE_CLASSES = [
    ...
    'app.filename.AccessControl',

    ]

this will allow requests from all domains

Leave a comment