How can I enable CORS on Django REST Framework

Question

How can I enable CORS on my Django REST Framework  the reference doesn t help much  it says that I can do by a middleware  but how can I do that

User · Answer

For Django versions   1 10  according to the documentation  a custom MIDDLEWARE can be written as a function  let s say in the file  yourproject middleware py  as a sibling of settings py    def open access middleware get response       def middleware request           response   get response request          response  Access-Control-Allow-Origin                 response  Access-Control-Allow-Headers                 return response     return middleware   and finally  add the python path of this function  w r t  the root of your project  to the MIDDLEWARE list in your project s settings py   MIDDLEWARE                django middleware clickjacking XFrameOptionsMiddleware      yourproject middleware open access middleware      Easy peasy

User · Answer

The link you referenced in your question recommends using django-cors-headers  whose documentation says to install the library pip install django-cors-headers  and then add it to your installed apps  INSTALLED APPS                  corsheaders              You will also need to add a middleware class to listen in on responses  MIDDLEWARE CLASSES                  corsheaders middleware CorsMiddleware        django middleware common CommonMiddleware              Please browse the configuration section of its documentation  paying particular attention to the various CORS ORIGIN  settings  You ll need to set some of those based on your needs

User · Answer

Below are the working steps without the need for any external modules   Step 1  Create a module in your app    E g  lets assume we have an app called user registration app  Explore user registration app and create a new file   Lets call this as custom cors middleware py  Paste the below Class definition   class CustomCorsMiddleware      def   init   self  get response           self get response   get response           One-time configuration and initialization       def   call   self  request             Code to be executed for each request before           the view  and later middleware  are called           response   self get response request          response  Access-Control-Allow-Origin                 response  Access-Control-Allow-Headers                    Code to be executed for each request response after           the view is called           return response   Step 2  Register a middleware  In your projects settings py file  add this line    user registration app custom cors middleware CustomCorsMiddleware   E g     MIDDLEWARE              user registration app custom cors middleware CustomCorsMiddleware     ADD THIS LINE BEFORE CommonMiddleware                       django middleware common CommonMiddleware            Remember to replace user registration app with the name of your app where you have created your custom cors middleware py module   You can now verify it will add the required response headers to all the views in the project

User · Answer

Well  I don t know guys but   using here python 3 6 and django 2 2  Renaming MIDDLEWARE CLASSES to MIDDLEWARE in settings py worked

User · Answer

In case anyone is getting back to this question and deciding to write their own middleware  this is a code sample for Django s new style middleware -   class CORSMiddleware object       def   init   self  get response           self get response   get response      def   call   self  request           response   self get response request          response  Access-Control-Allow-Origin                  return response

User · Answer

pip install django-cors-headers   and then add it to your installed apps   INSTALLED APPS                  corsheaders               You will also need to add a middleware class to listen in on responses   MIDDLEWARE CLASSES                  corsheaders middleware CorsMiddleware          django middleware common CommonMiddleware                CORS ORIGIN ALLOW ALL   True   If this is used then  CORS ORIGIN WHITELIST  will not have any effect CORS ALLOW CREDENTIALS   True CORS ORIGIN WHITELIST          http   localhost 3030       If this is used  then not need to use  CORS ORIGIN ALLOW ALL   True  CORS ORIGIN REGEX WHITELIST          http   localhost 3030       more details  https   github com ottoyiu django-cors-headers  configuration  read the official documentation can resolve almost all problem

User · Answer

Django 2 2 12 django-cors-headers 3 2 1 djangorestframework 3 11 0    Follow the official instruction doesn t work  Finally use the old way to figure it out   ADD     proj middlewares py from rest framework authentication import SessionAuthentication   class CsrfExemptSessionAuthentication SessionAuthentication        def enforce csrf self  request           return    To not perform the csrf check previously happening     proj settings py  REST FRAMEWORK          DEFAULT AUTHENTICATION CLASSES              proj middlewares CsrfExemptSessionAuthentication

User · Answer

You can do by using a custom middleware  even though knowing that the best option is using the tested approach of the package django-cors-headers  With that said  here is the solution   create the following structure and files   -- myapp middleware   init   py  from corsMiddleware import corsMiddleware   -- myapp middleware corsMiddleware py  class corsMiddleware object       def process response self  req  resp           resp  Access-Control-Allow-Origin                 return resp   add to settings py the marked line   MIDDLEWARE CLASSES          django contrib sessions middleware SessionMiddleware        django middleware common CommonMiddleware        django middleware csrf CsrfViewMiddleware          Now we add here our custom middleware       app name middleware corsMiddleware   lt ---- this line

[python] How can I enable CORS on Django REST Framework

Examples related to python

Examples related to django

Examples related to cors

Examples related to django-rest-framework

Examples related to middleware