Issue
I have a Vue front-end and a Django back-end and I have CORS enabled in settings.py, but I still get these errors:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8000/api/register. (Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8000/api/register. (Reason: CORS request did not succeed). Status code: (null).
This is at the bottom of my settings.py file:
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = (
'http://localhost:8080',
'http://localhost:8000',
)
Solution
You have whitelisted your endpoint, but with CORS, there are a couple of things that you also need to properly set it up.
- Access-Control-Allow-Origin
- Access-Control-Allow-Headers
- Access-Control-Allow-Methods
- Access-Control-Allow-Credentials
You’ve done whitelisted your origin, but headers, methods, and credentials might not be configured yet on your Django project. Headers and Methods are having defaulted values as django-cors-headers documentation. So the last one is Credentials, you might want to check if your project requires authentication or not. If so then CORS_ALLOW_CREDENTIALS (default is False) is the one you might want to have a look at, set it to true if your project needs it.
Answered By – Toan Quoc Ho
This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0