API calls from Swagger UI page fail while running the project at "localhost:8000" due to CORS #3593
Comments
|
Hum, that's a good point. What is the implication of the second option, if we remove This config was suggested in the code review, and at the time it seemed like a good idea. However, given this extra problem with CORS policy, it now seems not so great. We could set it to the right values in (Just my ideas at a glance, I haven't looked into it in details yet) |
|
Tools like https://stoplight.io can use the SERVERS to generate code samples of requests pointing to the "correct" domain. |
yes, it will use the current host. Sample request when running on |
What happened?
use_drf: yhttp://localhost:8000/api/docs/, the API call fails due to CORS policyWhat should've happened instead?
The API call should have worked with no issues
Additional details
The issue is due to project running on localhost:8000 while the
SERVERSoption in drf-spectacular settings has the urlhttp://127.0.0.1:8000.It seems like there is more than one option to fix this:
CORS_ALLOWED_ORIGINS = ["http://localhost:8000", "http://127.0.0.1:8000"]in local settings so that api calls fromlocalhost:8000work fine (django-cors-headers docs)SERVERSfrom drf-spectacularI'm leaning towards the second option and that's because I don't think it's a good idea to be able to make API call to a production server when working locally. Also, When the project is deployed to production, it doesn't make a lot of sense to see the option for making API calls to "127.0.01:8000" in the swagger UI page.
So, before creating a PR, I wanted to check if there are good reasons to keep
SERVERSin drf-spectacular settings (or maybe there is a better third option)The text was updated successfully, but these errors were encountered: