您的位置: 首页  >  技术问答  >  请求的资源上没有“Access-Control-Allow-Origin”标头。或对预检要求未通过访问控制检查

请求的资源上没有“Access-Control-Allow-Origin”标头。或对预检要求未通过访问控制检查

分类: 技术问答 2022-09-03 22:41:50
问题描述:

我得到的模板错误请求的资源上没有“Access-Control-Allow-Origin”标头。或对预检要求未通过访问控制检查

XMLHttpRequest cannot load http://127.0.0.1:8000/api/items/yeasts. 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'null' is therefore not allowed access.

API /项目/ views.py:

import json 

from django.shortcuts import render 

from rest_framework import status 
from rest_framework.decorators import api_view, permission_classes 
from rest_framework.response import Response 

@api_view(['GET']) 
def serve_yeasts(request): 
    """ 
    Serve up some yeasts 
    """ 
    data = [ 
     {'category': 'Danstar', 'yeasts': ['Danstar 1', 'Danstar 2']}, 
     {'category': 'Fermentis', 'yeasts': ['West Coast', 'American Saison', 'White Wine']}, 
     {'category': 'White Labs', 'yeasts': ['White 1', 'White Saison']}, 
    ] 

    return Response(data=data, status=status.HTTP_200_OK) 


 self.get_yeasts = function(){ 

      var data = $.ajax({ 
       dataType: "json", 
       url: "http:/127.0.0.1:8000/api/items/yeasts", 
       success: onSuccess, 
       error: onError, 
      }); 
     }

如果我更改为

self.get_yeasts = function(){ 

      var data = $.ajax({ 
       dataType: "json", 
       url: "http:/127.0.0.1:8000/api/items/yeasts", 
       success: onSuccess, 
       error: onError, 
       beforeSend: function (request) { 
        request.setRequestHeader("Authorization", "Negotiate"); 
       }, 
       aysnc: true, 
      }); 
     }

的建议,我得到

XMLHttpRequest cannot load http://127.0.0.1:8000/api/items/yeasts. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

代替。

settings.py:

""" 
Django settings for homebrew_app project. 

For more information on this file, see 
https://docs.djangoproject.com/en/1.7/topics/settings/ 

For the full list of settings and their values, see 
https://docs.djangoproject.com/en/1.7/ref/settings/ 
""" 

# Build paths inside the project like this: os.path.join(BASE_DIR, ...) 
import os 
BASE_DIR = os.path.dirname(os.path.dirname(__file__)) 


# Quick-start development settings - unsuitable for production 
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ 

# SECURITY WARNING: keep the secret key used in production secret! 
SECRET_KEY = 'hhp^-#(lx([email protected]%on7enee0ilngy=p7jybzm#a&[email protected]' 

# SECURITY WARNING: don't run with debug turned on in production! 
DEBUG = True 

TEMPLATE_DEBUG = True 

ALLOWED_HOSTS = [] 


# Application definition 

INSTALLED_APPS = (
    'django.contrib.admin', 
    'django.contrib.auth', 
    'django.contrib.contenttypes', 
    'django.contrib.sessions', 
    'django.contrib.messages', 
    'django.contrib.staticfiles', 

    # 3rd party 
    'django_extensions', 
    'rest_framework', 
    'corsheaders', 

    # custom 
    'calculations', 
    'objects', 

) 

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware', 
    'corsheaders.middleware.CorsMiddleware', 
    'django.middleware.common.CommonMiddleware', 
    'django.middleware.csrf.CsrfViewMiddleware', 
    'django.contrib.auth.middleware.AuthenticationMiddleware', 
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 
    'django.contrib.messages.middleware.MessageMiddleware', 
    'django.middleware.clickjacking.XFrameOptionsMiddleware', 
) 

ROOT_URLCONF = 'homebrew_app.urls' 

WSGI_APPLICATION = 'homebrew_app.wsgi.application' 


# Database 
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases 

DATABASES = { 
    'default': { 
     'ENGINE': 'django.db.backends.sqlite3', 
     'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), 
    } 
} 

# Internationalization 
# https://docs.djangoproject.com/en/1.7/topics/i18n/ 

LANGUAGE_CODE = 'en-us' 

TIME_ZONE = 'UTC' 

USE_I18N = True 

USE_L10N = True 

USE_TZ = True 


# Static files (CSS, JavaScript, Images) 
# https://docs.djangoproject.com/en/1.7/howto/static-files/ 

STATIC_URL = '/static/' 

CORS_ORIGIN_WHITELIST = (
    'localhost:8000', 
    '127.0.0.1:8000', 
    'localhost:5000', 
    '127.0.0.1:5000', 
)

Django的CORS出现适当https://github.com/ottoyiu/django-cors-headers

http://127.0.0.1:8000/api/items/yeasts/确实在浏览器中工作,返回酵母作为一个列表的列表,并在谷歌Chrome rest_framework风格渲染。

+0

一旦与方法试试:“GET”在Ajax调用 – neelima

,当你正试图从另一个域(偶数端口)获得的数据会发生这种情况。解决方案是使用您的主叫服务域名的值(例如:http://127.0.0.1:8080/相应地更改端口号)或使用值'*'设置的'Access-Control-Allow-Origin'来添加http头部'Access-Control-Allow-Origin'在'127.0.0.1:8000'上。

+0

所以我怎么做呢?我使用Django和已经尝试过的Django-CORS-头 – codyc4321

+0

你的意思是头添加到 – codyc4321

+0

没有,你需要把它添加到你的服务器的AJAX或响应(nginx的或其他)报头 –

相关推荐