adamchainz / django-cors-headers

Django app for handling the server headers required for Cross-Origin Resource Sharing (CORS)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CORS_ALLOW_ALL_ORIGINS Dont Work on Version 3.7.0

jvitorsf opened this issue · comments

Version 3.7.0 with attribute CORS_ALLOW_ALL_ORIGINS = True wasn't working at all.

Downgrading to version 3.6.0 solved the problem.

Current config:

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'corsheaders',
    'rest_framework',
    # 'django_filters',
    'core',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

CORS_ALLOW_ALL_ORIGINS = True
ALLOWED_HOSTS = ['*']

Can you provide an example project? Not much has changed between the versions, and the tests needed no changes.

The code above is an example project. I was trying with several configs and did not achieve a solution with the CORS_ALLOW_ALL_ORIGINS = True.

It only worked by setting:

CORS_ALLOWED_ORIGINS = [
    "http://localhost:4200",
]

After checking on another project that I was using version 3.6.0, I downgraded to this version and it worked flawlessly.

Will make this test again and output the results here.

Yeah. Can't say what happened on sunday but today is working fine with both versions. Guess it was the sunday morning feeling. 😑

Thank you for your time!

No worries thanks for double checking.