0

I am learning with Django and Angular.

I have setup a Django API back-end on on http://serverip:8666/athletics/

I have created a small Angular application that I am running from my local machine.

The following code in my Angular app:

$scope.list_athletes = function(){

    console.log('hey');

    $http
        .get('http://serverip:8666/athletics/')
        .success(function (result) {

            console.log('success');

        })

}

generates the error:

XMLHttpRequest cannot load http://serverip:8666/athletics/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:65356' is therefore not allowed access.

What causes this error? How can I resolve it so that I can access the Django API from my local Angular app?

Improve this question

2 Answers 2

Reset to default
2

The problem you're having is related to not having CORS enabled.

As a security policy, JavaScript can't make requests across domains while running in your browser. This is meant to prevent untrusted code from executing without the user's knowledge. The workaround is to enable CORS by white listing domains.

You need to set the Access-Control-Allow-Origin response header in your responses like so:

def my_view(request):
    data = json.dumps({'foo':'bar'})
    response = HttpResponse(data)
    response['Access-Control-Allow-Origin'] = 'http://127.0.0.1:65356'
    return response

This will enable CORS for your angular app. You can even add django-cors-headers to your project to have this functionality implemented for you. This can be added to any Django response object, such as django.http.repsonse.HttpResponse. Because you appear to be using a DRF Response object, you may need to use something like

return Response(serializer.data, headers={'Access-Control-Allow-Origin': 'http://127.0.0.1:65356'})

to set your response headers.

You should also check out this site for more information on how to enable CORS in your webapp.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Where should I add that line? Is it in the Django app? I only have one response in my simple Angular app. It is "return Response(serializer.data)"
Looks like django-rest-framework's Response object, so you could try 'return Response(serializer.data, headers={'Access-Control-Allow-Origin': 'http: //127.0.0.1:65356/'})
That worked, thanks! (I removed the space after http: and the / after the port number.)
0

Have you done the settings part in settings.py

INSTALLED_APPS = (
    'corsheaders',
)
MIDDLEWARE_CLASSES = (
    'corsheaders.middleware.CorsMiddleware',
)
CORS_ORIGIN_WHITELIST = (
  'http://127.0.0.1:65356'
)

And also include CORS_ALLOW_CREDENTIALS, CORS_ALLOW_HEADERS settings

Improve this answer

3 Comments

The previous answer worked. I have not done the settings you suggest. Are those settings an alternative solution?
yes. This is an important config you got to add in the settings to allow front end or other domains to access your Backend.
I couldn't get that to work. With your proposed method I got an error message that "XMLHttpRequest cannot load ... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ... is therefore not allowed access.".

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.