Skip to content

Instantly share code, notes, and snippets.

@maratumba

maratumba/Django_CORS.md

Created December 4, 2021 10:10
Show Gist options
  • Save maratumba/4a6643ee2eeb4c752da60d4c133d34b3 to your computer and use it in GitHub Desktop.
Save maratumba/4a6643ee2eeb4c752da60d4c133d34b3 to your computer and use it in GitHub Desktop.
Download ZIP
Troubleshoot Django CORS problems
Raw
Django_CORS.md

Every now and then I come across the CORS issue again and again. Here's a check list I made for myself for troubleshooting.

  1. Check the app is installed and is in the right place. It should be after 'rest_framework' and before your own apps (not in docs but in SO):
INSTALLED_APPS = [
    "rest_framework",
    ...,
    "corsheaders",
    ...,
    "myapp",
    ...,
]
  1. Check the middleware is included in correct order. It should be as early as possible:
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "corsheaders.middleware.CorsMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    ...,
]
  1. Check the values of these setting variables in your shell:
CORS_URLS_REGEX
CORS_ALLOWED_ORIGINS
CORS_ORIGIN_ALLOW_ALL
CORS_ALLOW_ALL_ORIGINS

Remember CORS_URLS_REGEX is still used even though you might have CORS_ALLOWED_ORIGINS and/or CORS_ORIGIN_ALLOW_ALL. Make sure all your valid CORS requests obey CORS_URLS_REGEX. Refer to the docs on how conflicting variables are resolved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment