Django's CORS_ALLOWED_ORIGINS and CORS_ALLOW_ALL_ORIGINS not working
I have a very strange problem with Django's corsheaders. I have tried all sorts of permutations and combinations by playing with all the possible settings but of no use.
My current settings look like this:
ALLOWED_HOSTS = ['*'] CORS_ALLOWED_ORIGINS = ['*'] CORS_ALLOW_ALL_ORIGINS = True
This is still causing the following error when the frontend sends an API request:
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I am not sure what else needs to be added, please let me know if I am missing anything here.
I have already added
'corsheaders' in INSTALLED_APPS and also
'corsheaders.middleware.CorsMiddleware'in the MIDDLEWARE list (on top)
I have tried adding domains one by one in the lists and verified by loading the changes, but still nothing worked. Even though I have now allowed for any origin and any host to send cross-origin requests, it is still throwing the CORS error.
If you use credentials, you aren't allowed to use
* (CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true).
Set specific urls.