django-cors-middleware Access-Control-Allow-Origin not returned

Access-Control-Allow-Origin not returned

Open guocheng opened this issue 9 years ago • 4 comments

When I set CORS_ORIGIN_ALLOW_ALL = True, I can see Access-Control-Allow-Origin: * in the response header. However, when I set it to false, and use white list, I cannot see Access-Control-Allow-Origin in the response header.

CORS_ORIGIN_ALLOW_ALL = False

CORS_ORIGIN_WHITELIST = (
    '127.0.0.1',
)

I did supply Origin in the header.

Apr 08 '16 08:04 guocheng

Thanks for the report. We check it soon.

Apr 18 '16 15:04 gustavi

Hello, Any news on this ?

May 18 '16 08:05 Crocmagnon

No time atm. In my TODO list but a PR is welcom !

May 18 '16 08:05 gustavi

@guocheng, what are you passing as Origin in the request header?

From code inspection this should work if you pass Origin: http://127.0.0.1, however if instead Origin: 127.0.0.1, an Access-Control-Allow-Origin header wouldn't be set.

Jun 07 '16 01:06 edmorley

django-cors-middleware django-cors-middleware copied to clipboard

Access-Control-Allow-Origin not returned

django-cors-middleware
django-cors-middleware copied to clipboard