CORS issue happening randomly

Question

CORS issue happening randomly

OmPrakash95 opened this issue 4 years ago · comments

Om Prakash Shanmugam commented 4 years ago

I use django-cors-headers in my application running locally. My frontend is a React App and it communicates with the django backend via REST API.

The problem here is that I get CORS error on preflight requests been sent to my backend server. When I retry the request or refresh my browser with "disable cache" option ON, all the API requests will get succeeded.

Access-Control-Max-Age is set to default value 86400

The issue is also noticed in the production environment. How do I fix this?

my settings.py

CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True

MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
.....
]

Adam Johnson · Answer 1 · Tue Sep 08 2020 16:55:53 GMT+0800 (China Standard Time)

What browser are you using? What version of django, django-cors-headers, python are you using?

Did you read all the resources in https://github.com/adamchainz/django-cors-headers#about-cors ?

Did you definitely deploy the same code, settings, and packages to all your web servers?

Om Prakash Shanmugam · Answer 2 · Fri Sep 11 2020 16:42:03 GMT+0800 (China Standard Time)

I use Chrome v85.
Django: 3.0.7
django-cors-headers: 3.3.0
Python: 3.7.6

Yes. The issue is replicable both on Local and Production environment.

Adam Johnson · Answer 3 · Thu Sep 17 2020 02:14:08 GMT+0800 (China Standard Time)

I'm afraid I can't help you directly off just this information. If you provide a sample project that replicates the issue, I can help you though. If it happens locally, it should be possible to create a new simple django project that reproduces the problem.

Another source of debugging is the logs in chrome's devtools. What do the messages say there?

Om Prakash Shanmugam · Answer 4 · Thu Sep 17 2020 06:05:25 GMT+0800 (China Standard Time)

It is possible to re-create the bug with a new sample django project.

Debug logs in Chrome Devtools: https://drive.google.com/file/d/1vhAFXzOnhprxIx0r0NTOjOF_gQki_uNR/view?usp=sharing

I think the issue is certainly on the Access-Control-Max-Age flag. When the above issue happens, I disable cache via devtools and refresh the page so that It will make a preflight request and it passes.

udemezue John · Answer 5 · Sat Sep 26 2020 15:14:22 GMT+0800 (China Standard Time)

CORS_ALLOWED_ORIGINS = [
"https://example.com",
"https://sub.example.com",
"http://localhost:8080",
"http://127.0.0.1:9000"
]

Add ur Django url and frontend URL here

Om Prakash Shanmugam · Answer 6 · Sun Sep 27 2020 18:25:56 GMT+0800 (China Standard Time)

I already have added CORS_ORIGIN_ALLOW_ALL = True. This should do the work right?

Deval Sethi · Answer 7 · Thu Oct 15 2020 16:17:52 GMT+0800 (China Standard Time)

@OmPrakash95 I am also facing the same issue. Did you find any solution?

Om Prakash Shanmugam · Answer 8 · Fri Oct 16 2020 22:51:00 GMT+0800 (China Standard Time)

Nothing yet. One of the findings was that it is only happening in Chrome Browsers and not in Safari. So I think this is something to do with how chrome cache preflight requests.

Om Prakash Shanmugam · Answer 9 · Mon Nov 23 2020 15:43:17 GMT+0800 (China Standard Time)

@devaljain1998 Did you find any solutions?

Deval Sethi · Answer 10 · Mon Nov 23 2020 16:22:02 GMT+0800 (China Standard Time)

Yes I did found a solution. We need to optimise our APIs. Actually there is a throttle time of the servers. In my case which the server was of Heroku where API time was 30 secs. If the API time exceeds 30 second then it showed CORS error. Fixed that by optimizing the db queries.

…

On Mon, 23 Nov 2020, 13:13 Om Prakash Shanmugam, ***@***.***> wrote: @devaljain1998 <https://github.com/devaljain1998> Did you find any solutions? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#573 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALCSXNH5LLT54H4X7RC5JTDSRIHCFANCNFSM4Q7PLDQA> .

Om Prakash Shanmugam · Answer 11 · Tue Dec 08 2020 16:11:15 GMT+0800 (China Standard Time)

Hi @devaljain1998 How is server response time related to CORS error?

Adam Johnson · Answer 12 · Wed Dec 09 2020 22:07:02 GMT+0800 (China Standard Time)

If you time out on Heroku (or any web server), the error response it returns does not have CORS headers. This is not something we can fix in this package.