Django 当浏览器和邮递员处于禁用状态时,无法获取数据
我有一个在Django Rest框架中开发的API,它在我的浏览器和postman中调用时可以工作,但在Angular中调用时会给出一个“(失败)”响应。没有给出响应代码(如404) 在控制台日志中,它声称它是由于CORS引起的,但同一浏览器允许它直接调用 获取:Django 当浏览器和邮递员处于禁用状态时,无法获取数据,django,angular,django-rest-framework,cors,Django,Angular,Django Rest Framework,Cors,我有一个在Django Rest框架中开发的API,它在我的浏览器和postman中调用时可以工作,但在Angular中调用时会给出一个“(失败)”响应。没有给出响应代码(如404) 在控制台日志中,它声称它是由于CORS引起的,但同一浏览器允许它直接调用 获取: Access to XMLHttpRequest at 'http://localhost:8000/article/articletype' from origin 'http://localhost:4200' has been
Access to XMLHttpRequest at 'http://localhost:8000/article/articletype' from origin 'http://localhost:4200' has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
我从Django控制台知道一个调用正在成功进行,因为它给出了200个响应
我已经尝试通过向角度调用添加标题来允许CORS从两端绕过。下面是我允许的访问控制。
我也玩过不同的内容类型和接受(wasttext/html),但现在列为*
'Accept' : '*/*' , 'Content-Type': '*' , 'Access-Control-Allow-Origin':'*', 'Access-Control-Allow-Headers':'*'
对于Django,我添加了带有CORS\u ORIGIN\u ALLOW\u ALL=True的“corsheaders”插件
我还尝试在Django中返回JSON和JsonResponse的HttpResponse
在Django RFW中:
目前代码看起来像这样,但我已经尝试了很多不同的迭代
jresponse = {
"id" : 2,
"text" : response,
"prev_button" : "...prev",
"subject1" : "SomeSub",
"stage" : "SomeStage",
"type1" : "SomeType1",
"type2" : "SomeType2",
"subject_list" : ["Sub1","Sub2","Sub3","Sub4"],
"stage_list" : ["Stage1","Stage2","Stage3","Stage4"],
"type1_list" : ["Type1.1","Type1.2", "Type1.3","Type1.4"],
"type2_list" : ["Type2.1","Type2.2","Type2.3","Type2.4"],
}
jr=json.dumps(jresponse)
jr['Access-Control-Allow-Origin'] = '*'
jr['Access-Control-Allow-Headers'] = '*'
# jr = serialize('json', response) # Tried this, didn't work
# return JsonResponse(jresponse) # Tried this, didn't work
return HttpResponse(jresponse) # I have also tried returning the 'jr' variable
在我所有的迭代中,我通常在浏览器中得到响应
对于角度:
getArticles() {
let add = 'http://localhost:8000/page/'.concat(this.articleid);
this.http.get(add,
{headers : { 'Accept' : '*/*' , 'Content-Type': '*' , 'Access-Control-Allow-Origin':'*', 'Access-Control-Allow-Headers':'*' }}
).subscribe(
article => { this.article = article;
console.log(this.article)
})
如前所述,接受和内容类型已通过工厂
我想接收我可以在模板中使用的Json对象
例如:{{article.subject}}
更新了您的设置,如:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
首先将您的URL添加到允许的主机
ALLOWED_HOSTS = ['localhost', '127.0.0.1', 'other IP of servers']
然后检查中间件设置,如:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
然后添加以下设置:
CORS_ALLOW_CREDENTIALS = True
ACCESS_CONTROL_ALLOW_HEADERS = True
CORS_ORIGIN_ALLOW_ALL = True
CORS_ORIGIN_WHITELIST = (
'localhost:4200',
'localhost:8000',
'127.0.0.1:8000',
'other IPs'
)
CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
)
CSRF_TRUSTED_ORIGINS = (
'127.0.0.1:9200',
'localhost:9200',
'other IPs'
)
CORS_ALLOW_HEADERS = (
'accept',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
)
我在angular上也遇到了同样的问题,然后我添加了如上所述的设置,然后它就工作了。您是否正确配置了CORS中间件?(在通用中间件之前)GET请求不执行飞行前CORS检查。您问题中的错误是针对“”的,但您的代码没有访问该URL。实际上,没有必要将客户端的服务器域添加到允许的主机。这只是为了Django服务器尝试了上面的方法没有任何乐趣。尝试了上面的方法没有任何乐趣。我还添加了标题:res=HttpResponse(jr)res['Access-Control-Allow-Origin']='*'return-HttpResponse(jr),但没有效果。django的握手过程是什么?