Issue with cors requests and patch methods

Question

Issue with cors requests and patch methods

vamonte opened this issue 4 years ago · comments

Hi,

I'm having an issue with the PATCH requests.
I thought, I had an issue with the preflighted requests but my POST requests are ok. (GET requests too)

Bellow some examples:

front_domain = "https://front.com
api_domain = "https/api.com

POST request from front_domain to api_domain/resource generate : 

1) One OPTION request. The response contains the cors headers. Status 200 (perfect)
2) One POST request. The response contains the cors headers. Status 201 (perfectt)

PATCH request from front_domain to api_domain/resource/:id generate : 

1) One OPTION request. The response contains the cors headers. Status 200 (perfect)
2) One PATCH request. The response doesn't contain the cors headers. Status 503 (Why?)

My cors settings are bellow:

INSTALLED_APPS = [
   ...
    "rest_framework",
    "django_filters",
    "corsheaders",
    ...
]

MIDDLEWARE = [
    "corsheaders.middleware.CorsMiddleware",
    "django.middleware.security.SecurityMiddleware",
    "my.middlewares.CsrfHeaderMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
   ...
]

CORS_ORIGIN_WHITELIST = ["https://front.com"]
CORS_EXPOSE_HEADERS = ['X-CSRFToken', 'csrftoken']
CORS_ALLOW_CREDENTIALS = True
CSRF_COOKIE_SAMESITE = None
CSRF_COOKIE_HTTPONLY = True
CSRF_COOKIE_SECURE = True

I'm on this issue for several hours so I hope some people know the solutions.

Thanks

Valentin Monté · Answer 1 · Thu Mar 12 2020 01:17:20 GMT+0800 (China Standard Time)

Ok ...
It's not an issue of this project.
If you use isomorphic-fetch don't forget that patch method name is case sensitive...
JakeChampion/fetch#254

udemezue John · Answer 2 · Thu Mar 12 2020 01:40:26 GMT+0800 (China Standard Time)

Your Django settings are incomplete

…

On Wed, Mar 11, 2020, 16:58 Valentin Monté ***@***.***> wrote: Hi, I'm having an issue with the PATCH requests. I thought, I had an issue with the preflighted requests but my POST requests are ok. (GET requests too) Bellow some examples: front_domain = "https://front.com api_domain = "https/api.com POST request from front_domain to api_domain/resource generate : 1) One OPTION request. The response contains the cors headers. Status 200 (perfect) 2) One POST request. The response contains the cors headers. Status 201 (perfectt) PATCH request from front_domain to api_domain/resource/:id generate : 1) One OPTION request. The response contains the cors headers. Status 200 (perfect) 2) One PATCH request. The response doesn't contain the cors headers. Status 503 (Why?) My cors settings are bellow: INSTALLED_APPS = [ ... "rest_framework", "django_filters", "corsheaders", ... ] MIDDLEWARE = [ "corsheaders.middleware.CorsMiddleware", "django.middleware.security.SecurityMiddleware", "my.middlewares.CsrfHeaderMiddleware", "django.middleware.csrf.CsrfViewMiddleware", ... ] CORS_ORIGIN_WHITELIST = ["https://front.com"]CORS_EXPOSE_HEADERS = ['X-CSRFToken', 'csrftoken']CORS_ALLOW_CREDENTIALS = TrueCSRF_COOKIE_SAMESITE = NoneCSRF_COOKIE_HTTPONLY = TrueCSRF_COOKIE_SECURE = True I'm on this issue for several hours so I hope some people know the solutions. Thanks — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#498>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AD2KU4ODA6LXUYI5QJR3653RG6YLFANCNFSM4LFZB5OQ> .

Adam Johnson · Answer 3 · Thu Mar 12 2020 01:42:59 GMT+0800 (China Standard Time)

@vamonte yes HTTP methods are all caps. Odd that it caused a 503 error though.

@udemezue01 it's normal not to share full settings

udemezue John · Answer 4 · Wed Jun 10 2020 10:38:29 GMT+0800 (China Standard Time)

#outlook a { padding: 0; } .ReadMsgBody { width: 100%; } .ExternalClass { width: 100%; } .ExternalClass * { line-height:100%; } body { margin: 0; padding: 0; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; } table, td { border-collapse:collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; } img { border: 0; height: auto; line-height: 100%; outline: none; text-decoration: none; -ms-interpolation-mode: bicubic; } p { display: block; margin: 13px 0; } @media only screen and (max-width:480px) { @-ms-viewport { width:320px; } @Viewport { width:320px; } } @import url(https://d2yjfm58htokf8.cloudfront.net/static/fonts/averta-v2.css); *, *:before, *:after { box-sizing: border-box; } p { margin: 0 0 40px 0; } a { color: #00b9ff; } a.no-decoration { text-decoration: none; } .body-wrapper { background: #f2f5f7; padding: 16px; } .logo-wrapper { margin-bottom: 16px !important; } .content-wrapper { margin-bottom: 16px !important; } .footer-wrapper div { color: #37517e !important; } .footer-wrapper div a { color: #00b9ff !important; } .mt-0 { margin-top: 0 !important; } .mt-1 { margin-top: 16px !important; } .mt-2 { margin-top: 24px !important; } .mb-0 { margin-bottom: 0 !important; } .mb-1 { margin-bottom: 16px !important; } .mb-2 { margin-bottom: 24px !important; } .mr-0 { margin-right: 0 !important; } .mr-1 { margin-right: 16px !important; } .mr-2 { margin-right: 24px !important; } .ml-0 { margin-left: 0 !important; } .ml-1 { margin-left: 16px !important; } .ml-2 { margin-left: 24px !important; } .centered { text-align: center } .btn { box-sizing: border-box; display: inline-block; min-height: 36px; padding: 12px 24px; margin: 0 0 24px; font-size: 16px; font-weight: 600; line-height: 24px; text-align: center; white-space: nowrap; vertical-align: middle; cursor: pointer; border: 0; border-radius: 3px; color: #fff !important; background-color: #00b9ff; text-decoration: none; -webkit-transition: all .15s ease-in-out; -o-transition: all .15s ease-in-out; transition: all .15s ease-in-out; } .btn-full { width: 100%; } .btn:hover { background-color: #00a4df; } .btn:active { background-color: #008ec0; } .blue { color: #00b9ff; } @media screen and (min-width: 576px) and (max-width: 768px) { .body-wrapper { padding: 24px !important; } .logo-wrapper { margin-bottom: 24px !important; } .content-wrapper { margin-bottom: 24px !important; } } @media screen and (min-width: 768px) { .body-wrapper { padding: 24px 48px !important; } .logo-wrapper { margin-bottom: 24px !important; } .content-wrapper { margin-bottom: 48px !important; } } .mainCard .hero { color: #fff; font-size: 26px; font-weight: bold; margin-bottom: 24px; } .mainCard .hero .highlight { color: #00b9ff; } .mainCard p { color: #fff; } .title { font-size: 22px; font-weight: 600; color: #2f4366; } .subtitle { font-size: 16px; font-weight: 600; color: #2f4366; } .mainCard { background-color: #37517e !important; } .custom-message{ background-color: #dbf4fe; } .custom-message p{ padding: 24px; color: #37517e; margin-bottom: 0; } .custom-message-triangle { width: 0; height: 0; border-style: solid; border-width: 21px 20px 0; border-color: #dbf4fe transparent transparent; margin-left: auto; margin-right: auto; } .initials-circle { width: 40px; height: 40px; background-color: #f2f5f7; -moz-border-radius: 20px; -webkit-border-radius: 20px; border-radius: 20px; margin-left: auto; margin-right: auto; margin-top: 12px; margin-bottom: 40px; text-align: center; line-height: 40px; } .initials-circle table{ font-size:16px; color:#37517e; } @media only screen and (min-width:480px) { .mj-column-per-100 { width:100%!important; } } Nwabufor invited you to TransferWise. Thanks to Nwabufor, you’ll get your first transfer of up to 500 GBP fee-free. And, as always — you’ll get the real exchange rate whenever you send money abroad. Claim your transfer now Want to change what we get in touch about? Go to your Notification Settings. We can’t receive replies to this email address. But if you’d like some support, please visit our Help Centre.This email was sent to you by TransferWise. By using our services, you agree to our customer agreements. © TransferWise 2020. All rights reserved. zdtag-nr-contact-form-sent