AngularJS Single Page Web Application on Sub-domain A, talking to a Django JSON (REST) API on Sub-domain B using CORS and CSRF protection Since I’m currently working on a similar setup and was battling to get CORS to work properly in combination with CSRF protection, I wanted to share my own learnings here. Setup – … Read more
I was having this same issue and everything seemed to be in the right place. Then I figured out that I had started the server before adding ‘corsheaders.middleware.CorsMiddleware’, to the MIDDLEWARE_CLASSES. After making the correction, it was still not working. After trying a bunch of stuff, I opened it in another browser and it worked. … Read more
Install the cors-headers package with pip install django-cors-headers Adds to your installed apps INSTALLED_APPS = [ … ‘corsheaders’, … ] Add on your MIDDLEWARE remember to add as being the first in the list MIDDLEWARE = [ ‘corsheaders.middleware.CorsMiddleware’, ‘django.middleware.common.CommonMiddleware’, … ] Before installed apps put this configuration for anyone to access CORS_ORIGIN_ALLOW_ALL=True Or create a … Read more
This is a part of security, you cannot do that. If you want to allow credentials then your Access-Control-Allow-Origin must not use *. You will have to specify the exact protocol + domain + port. For reference see these questions : Access-Control-Allow-Origin wildcard subdomains, ports and protocols Cross Origin Resource Sharing with Credentials Besides * … Read more