"Origin" header doesn't exists and therefore the middleware doesn't work

Question

"Origin" header doesn't exists and therefore the middleware doesn't work

archatas opened this issue 2 years ago · comments

Aidas Bendoraitis commented 2 years ago

Understanding CORS

I have read the resources.

Python Version

3.7.0

Django Version

3.2.9

Package Version

3.10.1

Description

The "Origin" header doesn't exist in the Django development server or Nginx and Gunicorn. Therefore, the origin value is always None, and the CORS headers are never added.

origin = request.META.get("HTTP_ORIGIN")

As a workaround, I can add an environment variable in the Django project settings for the development server:

import os
os.environ["HTTP_ORIGIN"] = "http://127.0.0.1:8000"

And a header in Nginx for the remote staging or production server:

proxy_set_header Origin https://www.example.com;

Aidas Bendoraitis · Answer 1 · Mon Dec 20 2021 21:08:41 GMT+0800 (China Standard Time)

To be more specific, I am interested in making the API accessible by JavaScript from any domain:

CORS_ALLOW_ALL_ORIGINS = True
CORS_URLS_REGEX = r"^/api/.*$"

Adam Johnson · Answer 2 · Mon Dec 20 2021 21:17:52 GMT+0800 (China Standard Time)

Browsers always add the Origin header for cross origin requests. If you're not seeing it, it's because you're not looking at a browser request or a cross origin request.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin#description