Issue with cors requests and patch methods
vamonte opened this issue · comments
Valentin Monté commented
Hi,
I'm having an issue with the PATCH requests.
I thought, I had an issue with the preflighted requests but my POST requests are ok. (GET requests too)
Bellow some examples:
front_domain = "https://front.com
api_domain = "https/api.com
POST request from front_domain to api_domain/resource generate :
1) One OPTION request. The response contains the cors headers. Status 200 (perfect)
2) One POST request. The response contains the cors headers. Status 201 (perfectt)
PATCH request from front_domain to api_domain/resource/:id generate :
1) One OPTION request. The response contains the cors headers. Status 200 (perfect)
2) One PATCH request. The response doesn't contain the cors headers. Status 503 (Why?)
My cors settings are bellow:
INSTALLED_APPS = [
...
"rest_framework",
"django_filters",
"corsheaders",
...
]
MIDDLEWARE = [
"corsheaders.middleware.CorsMiddleware",
"django.middleware.security.SecurityMiddleware",
"my.middlewares.CsrfHeaderMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
...
]
CORS_ORIGIN_WHITELIST = ["https://front.com"]
CORS_EXPOSE_HEADERS = ['X-CSRFToken', 'csrftoken']
CORS_ALLOW_CREDENTIALS = True
CSRF_COOKIE_SAMESITE = None
CSRF_COOKIE_HTTPONLY = True
CSRF_COOKIE_SECURE = True
I'm on this issue for several hours so I hope some people know the solutions.
Thanks
Valentin Monté commented
Ok ...
It's not an issue of this project.
If you use isomorphic-fetch don't forget that patch method name is case sensitive...
JakeChampion/fetch#254
udemezue John commented
Your Django settings are incomplete
…On Wed, Mar 11, 2020, 16:58 Valentin Monté ***@***.***> wrote:
Hi,
I'm having an issue with the PATCH requests.
I thought, I had an issue with the preflighted requests but my POST
requests are ok. (GET requests too)
Bellow some examples:
front_domain = "https://front.com
api_domain = "https/api.com
POST request from front_domain to api_domain/resource generate :
1) One OPTION request. The response contains the cors headers. Status 200 (perfect)
2) One POST request. The response contains the cors headers. Status 201 (perfectt)
PATCH request from front_domain to api_domain/resource/:id generate :
1) One OPTION request. The response contains the cors headers. Status 200 (perfect)
2) One PATCH request. The response doesn't contain the cors headers. Status 503 (Why?)
My cors settings are bellow:
INSTALLED_APPS = [
...
"rest_framework",
"django_filters",
"corsheaders",
...
]
MIDDLEWARE = [
"corsheaders.middleware.CorsMiddleware",
"django.middleware.security.SecurityMiddleware",
"my.middlewares.CsrfHeaderMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
...
]
CORS_ORIGIN_WHITELIST = ["https://front.com"]CORS_EXPOSE_HEADERS = ['X-CSRFToken', 'csrftoken']CORS_ALLOW_CREDENTIALS = TrueCSRF_COOKIE_SAMESITE = NoneCSRF_COOKIE_HTTPONLY = TrueCSRF_COOKIE_SECURE = True
I'm on this issue for several hours so I hope some people know the
solutions.
Thanks
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#498>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AD2KU4ODA6LXUYI5QJR3653RG6YLFANCNFSM4LFZB5OQ>
.
Adam Johnson commented
@vamonte yes HTTP methods are all caps. Odd that it caused a 503 error though.
@udemezue01 it's normal not to share full settings
udemezue John commented
#outlook a { padding: 0; }
.ReadMsgBody { width: 100%; }
.ExternalClass { width: 100%; }
.ExternalClass * { line-height:100%; }
body { margin: 0; padding: 0; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; }
table, td { border-collapse:collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; }
img { border: 0; height: auto; line-height: 100%; outline: none; text-decoration: none; -ms-interpolation-mode: bicubic; }
p { display: block; margin: 13px 0; }
@media only screen and (max-width:480px) {
@-ms-viewport { width:320px; }
@Viewport { width:320px; }
}
@import url(https://d2yjfm58htokf8.cloudfront.net/static/fonts/averta-v2.css);
*, *:before, *:after {
box-sizing: border-box;
}
p {
margin: 0 0 40px 0;
}
a {
color: #00b9ff;
}
a.no-decoration {
text-decoration: none;
}
.body-wrapper {
background: #f2f5f7;
padding: 16px;
}
.logo-wrapper {
margin-bottom: 16px !important;
}
.content-wrapper {
margin-bottom: 16px !important;
}
.footer-wrapper div {
color: #37517e !important;
}
.footer-wrapper div a {
color: #00b9ff !important;
}
.mt-0 {
margin-top: 0 !important;
}
.mt-1 {
margin-top: 16px !important;
}
.mt-2 {
margin-top: 24px !important;
}
.mb-0 {
margin-bottom: 0 !important;
}
.mb-1 {
margin-bottom: 16px !important;
}
.mb-2 {
margin-bottom: 24px !important;
}
.mr-0 {
margin-right: 0 !important;
}
.mr-1 {
margin-right: 16px !important;
}
.mr-2 {
margin-right: 24px !important;
}
.ml-0 {
margin-left: 0 !important;
}
.ml-1 {
margin-left: 16px !important;
}
.ml-2 {
margin-left: 24px !important;
}
.centered {
text-align: center
}
.btn {
box-sizing: border-box;
display: inline-block;
min-height: 36px;
padding: 12px 24px;
margin: 0 0 24px;
font-size: 16px;
font-weight: 600;
line-height: 24px;
text-align: center;
white-space: nowrap;
vertical-align: middle;
cursor: pointer;
border: 0;
border-radius: 3px;
color: #fff !important;
background-color: #00b9ff;
text-decoration: none;
-webkit-transition: all .15s ease-in-out;
-o-transition: all .15s ease-in-out;
transition: all .15s ease-in-out;
}
.btn-full {
width: 100%;
}
.btn:hover {
background-color: #00a4df;
}
.btn:active {
background-color: #008ec0;
}
.blue {
color: #00b9ff;
}
@media screen and (min-width: 576px) and (max-width: 768px) {
.body-wrapper {
padding: 24px !important;
}
.logo-wrapper {
margin-bottom: 24px !important;
}
.content-wrapper {
margin-bottom: 24px !important;
}
}
@media screen and (min-width: 768px) {
.body-wrapper {
padding: 24px 48px !important;
}
.logo-wrapper {
margin-bottom: 24px !important;
}
.content-wrapper {
margin-bottom: 48px !important;
}
}
.mainCard .hero {
color: #fff;
font-size: 26px;
font-weight: bold;
margin-bottom: 24px;
}
.mainCard .hero .highlight {
color: #00b9ff;
}
.mainCard p {
color: #fff;
}
.title {
font-size: 22px;
font-weight: 600;
color: #2f4366;
}
.subtitle {
font-size: 16px;
font-weight: 600;
color: #2f4366;
}
.mainCard {
background-color: #37517e !important;
}
.custom-message{
background-color: #dbf4fe;
}
.custom-message p{
padding: 24px;
color: #37517e;
margin-bottom: 0;
}
.custom-message-triangle {
width: 0;
height: 0;
border-style: solid;
border-width: 21px 20px 0;
border-color: #dbf4fe transparent transparent;
margin-left: auto;
margin-right: auto;
}
.initials-circle {
width: 40px;
height: 40px;
background-color: #f2f5f7;
-moz-border-radius: 20px;
-webkit-border-radius: 20px;
border-radius: 20px;
margin-left: auto;
margin-right: auto;
margin-top: 12px;
margin-bottom: 40px;
text-align: center;
line-height: 40px;
}
.initials-circle table{
font-size:16px;
color:#37517e;
}
@media only screen and (min-width:480px) {
.mj-column-per-100 { width:100%!important; }
}
Nwabufor invited you to TransferWise.
Thanks to Nwabufor, you’ll get your first transfer of up to 500 GBP fee-free. And, as always — you’ll get the real exchange rate whenever you send money abroad.
Claim your transfer now
Want to change what we get in touch about? Go to your Notification Settings. We can’t receive replies to this email address. But if you’d like some support, please visit our Help Centre.This email was sent to you by TransferWise. By using our services, you agree to our customer agreements.
© TransferWise 2020. All rights reserved.
zdtag-nr-contact-form-sent