仅在Chrome上缺少带有corsheaders的补丁方法 [英] Missing Patch method with corsheaders only on chrome

问题描述

我有一个使用 corsheaders 包及其在settings.py中的Django应用，如下所示:

I have a Django app that's using corsheaders package and its in settings.py like this:

INSTALLED_APPS = [ ..., corsheaders, ...]
...
MIDDLEWARE = [
    # on top
    "corsheaders.middleware.CorsMiddleware",
    "django.middleware.common.CommonMiddleware",
    ...
]
...
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True

当我尝试在 OPTIONS 方法之后在Google Chrome上执行 PATCH 请求时，得到以下信息:

When I'm trying to do a PATCH request on Google Chrome after the OPTIONS method I get this:

缺少Access-Control-Allow-Methods PATCH ，下一个请求因CORS方法错误而失败.

The Access-Control-Allow-Methods is missing PATCHand the next request fails with CORS methods error.

但是我在Firefox上尝试了相同的方法，并且可以按预期工作.

But I tried the same method on Firefox and its working as intended.

推荐答案

似乎您需要显式设置允许的来源，而不是使用通配符，即 * :

Seems like you need to set allowed origins explicitly, not by using the wildcard i.e. *:

CORS_ALLOWED_ORIGINS = [
    "https://example.com",
    "https://sub.example.com",
    "http://localhost:8080",
    "http://127.0.0.1:9000"
]

还要设置所有HTTP动词:

Also, set all HTTP verbs:

CORS_ALLOW_METHODS = [
    'DELETE',
    'GET',
    'OPTIONS',
    'PATCH',
    'POST',
    'PUT',
]

了解更多:

• https://pypi.org/project/django-cors-headers/
• Chrome跨域PATCH请求不起作用
• CORS_ALLOW_ALL_ORIGINS = True 或 CORS_ORIGIN_ALLOW_ALL = True (旧名称)等于使用通配符 * :

• https://pypi.org/project/django-cors-headers/
• Chrome Cross-Domain PATCH request not working
• CORS_ALLOW_ALL_ORIGINS = True or CORS_ORIGIN_ALLOW_ALL = True (OLD name) is equal to using wildcard * : L131 django-cors-headers middleware.py file

这篇关于仅在Chrome上缺少带有corsheaders的补丁方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！