Cannot POST files using CORS_ALLOW_CREDENTIALS = True and CORS_ORIGIN_ALLOW_ALL = True
#601
Comments
|
Closing due to age. There's not enough information here to determine the bug, but it's probably a CSRF issue. The blocked response should be read in network tools to check. |
|
@Myzel394 did you ever solve this? I am having this issue as well |
|
@JMIdeaMaker I found a workaround for my case. I started chrome without security features. This way everything suddenly worked without any cors pain. But keep in mind, that if you are using multiple domains, you still have to find a solution for this. This here will only work in development and in production when your frontend and backend is on the same domain. EDIT |
|
Never EVER use Chrome with |
|
It's just for debugging purposes. When you're not using it for everyday
surfing, there should nothing be to worried about.
…On Sun, Jun 20, 2021, 10:54 Adam Johnson ***@***.***> wrote:
Never EVER use Chrome with --disable-web-security, or advise others to do
so.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#601 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AMAWUXGMTJACJDU3LN4DTRLTTWUDPANCNFSM4VBMXKGQ>
.
|
|
I'm also having this issue |
django-cors-headersand followed docsHere are my setting
When I now try to upload files (
Content-Type = multipart/form-data), I get the following error:Firefox:
Chrome:
I checked it and indeed, the
Access-Control-Allow-Origin'header is missing. I configured everything according to docs, so I think this must be an issue. Please let me know if you know a solution to this.The text was updated successfully, but these errors were encountered: