Access-Control-Allow-Origin not returned #14

guocheng · 2016-04-08T08:37:55Z

When I set CORS_ORIGIN_ALLOW_ALL = True, I can see Access-Control-Allow-Origin: * in the response header. However, when I set it to false, and use white list, I cannot see Access-Control-Allow-Origin in the response header.

CORS_ORIGIN_ALLOW_ALL = False

CORS_ORIGIN_WHITELIST = (
    '127.0.0.1',
)

I did supply Origin in the header.

The text was updated successfully, but these errors were encountered:

gustavi · 2016-04-18T15:38:21Z

Thanks for the report. We check it soon.

Crocmagnon · 2016-05-18T08:36:09Z

Hello,
Any news on this ?

gustavi · 2016-05-18T08:39:16Z

No time atm. In my TODO list but a PR is welcom !

edmorley · 2016-06-07T01:05:56Z

@guocheng, what are you passing as Origin in the request header?

From code inspection this should work if you pass Origin: http://127.0.0.1, however if instead Origin: 127.0.0.1, an Access-Control-Allow-Origin header wouldn't be set.

gustavi added the bug label Apr 18, 2016

gustavi added the ready label May 13, 2016

gustavi removed the ready label Jun 16, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Access-Control-Allow-Origin not returned #14

Access-Control-Allow-Origin not returned #14

guocheng commented Apr 8, 2016

gustavi commented Apr 18, 2016

Crocmagnon commented May 18, 2016

gustavi commented May 18, 2016

edmorley commented Jun 7, 2016

Access-Control-Allow-Origin not returned #14

Access-Control-Allow-Origin not returned #14

Comments

guocheng commented Apr 8, 2016

gustavi commented Apr 18, 2016

Crocmagnon commented May 18, 2016

gustavi commented May 18, 2016

edmorley commented Jun 7, 2016