仅在Chrome上缺少带有corsheaders的补丁方法 [英] Missing Patch method with corsheaders only on chrome
问题描述
我有一个使用 corsheaders
包及其在settings.py中的Django应用,如下所示:
I have a Django app that's using corsheaders
package and its in settings.py like this:
INSTALLED_APPS = [ ..., corsheaders, ...]
...
MIDDLEWARE = [
# on top
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
...
]
...
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
当我尝试在 OPTIONS
方法之后在Google Chrome上执行 PATCH
请求时,得到以下信息:
When I'm trying to do a PATCH
request on Google Chrome after the OPTIONS
method I get this:
缺少Access-Control-Allow-Methods PATCH
,下一个请求因CORS方法错误而失败.
The Access-Control-Allow-Methods is missing PATCH
and the next request fails with CORS methods error.
但是我在Firefox上尝试了相同的方法,并且可以按预期工作.
But I tried the same method on Firefox and its working as intended.
推荐答案
似乎您需要显式设置允许的来源,而不是使用通配符,即 *
:
Seems like you need to set allowed origins explicitly, not by using the wildcard i.e. *
:
CORS_ALLOWED_ORIGINS = [
"https://example.com",
"https://sub.example.com",
"http://localhost:8080",
"http://127.0.0.1:9000"
]
还要设置所有HTTP动词:
Also, set all HTTP verbs:
CORS_ALLOW_METHODS = [
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
]
了解更多:
- https://pypi.org/project/django-cors-headers/
- Chrome跨域PATCH请求不起作用
-
CORS_ALLOW_ALL_ORIGINS = True
或CORS_ORIGIN_ALLOW_ALL = True
(旧名称)等于使用通配符*
:
- https://pypi.org/project/django-cors-headers/
- Chrome Cross-Domain PATCH request not working
CORS_ALLOW_ALL_ORIGINS = True
orCORS_ORIGIN_ALLOW_ALL = True
(OLD name) is equal to using wildcard*
: L131 django-cors-headers middleware.py file
这篇关于仅在Chrome上缺少带有corsheaders的补丁方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!