从Origin' http:// localhost访问** link **获取访问:3000' CORS政策已阻止
我正在尝试将授权代码用于Google日历集成的访问令牌。我正在关注使用oauth 2.0用于Web服务器应用程序。其中显示的示例是用于烧瓶,但我正在使用Django。问题是,我不能重定向到授权
>通过CORS策略:对飞行前请求的响应不会传递访问控制检查:在请求的资源上没有“访问控制”标题。 ,
@api_view(['GET'])
def authorize(request):
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
CLIENT_SECRETS_FILE,
scopes=SCOPES)
flow.redirect_uri = 'http://localhost:3000/'
authorization_url, state = flow.authorization_url(
access_type='offline',
include_granted_scopes='true')
response = redirect(authorization_url)
return response
但是在我的设置中。
CORS_ALLOWED_ORIGINS = [
"http://localhost:3000",
"http://127.0.0.1:3000",]
MIDDLEWARE = [
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
I'm trying to exchange the authorization code for an access token for a Google Calendar integration. I was following Using OAuth 2.0 for Web Server Applications. The examples shown there were for Flask, but I'm using Django. The problem is, I can't redirect to authorization_url because it says
Access to fetch at link from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
@api_view(['GET'])
def authorize(request):
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
CLIENT_SECRETS_FILE,
scopes=SCOPES)
flow.redirect_uri = 'http://localhost:3000/'
authorization_url, state = flow.authorization_url(
access_type='offline',
include_granted_scopes='true')
response = redirect(authorization_url)
return response
However in my settings.py I have:
CORS_ALLOWED_ORIGINS = [
"http://localhost:3000",
"http://127.0.0.1:3000",]
MIDDLEWARE = [
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以查看此软件包: https://pypi.org/project/project/project/django---- CORS-HEADERS/
因此,您可以尝试在Django设置中将其添加到“可信赖的起源”中:
或者是这样的,对于所有起源(不建议):
You can have a look at this package: https://pypi.org/project/django-cors-headers/
So you can try to add the origin to "Trusted Origins" in Django settings:
or like that, for all origins (do not recommend):