Django tastypie XMLHttpRequest cannot load

Question

i have been reading about XMLHttpRequest for the past hour, but i can seem to make this work.. So, i have a django server with tastypie and a JavaScript client on another server/port, and when i try to do a jquery post i get a

XMLHttpRequest cannot load http://127.0.0.1:8000/api/smart/rating/. Origin http://localhost is not allowed by Access-Control-Allow-Origin.

I get Xmlthhprequest error message on the client-side

Django code:

class RatingResource(ModelResource):
city = fields.ForeignKey(CityResource, 'city')
user = fields.ForeignKey(UserResource, 'user')
class Meta:
    queryset = Rating.objects.all()
    resource_name = 'rating'
    #authentication = BasicAuthentication()
    #authorization = DjangoAuthorization()

My jquery call posting from localhost:80 to localhost:8000:

$('#star').raty({
  path: "../assets/img/",
  score    : rating,
  click : function(score, evt) {
      window.rate_app = score;
      var url = "http://127.0.0.1:8000/api/smart/rating/";
      //var comment = $('#textarea').val();
      var comment = "teste do php";
      console.log(cityId);  
      $.post(url,{city : '/api/smart/city/'+cityId+'/' ,comment : comment,id:'4',resource_uri:'/api/smart/rating/4/',rating : score, user: '/api/smart/auth/user/2/'},function(data,status){
          if (data=="error")
              console.log("error");
          else
              console.log("success");
      });

  }
});

UPDATE:

HTTP/1.0 401 UNAUTHORIZED

curl --dump-header - -H "Content-Type: application/json" -X POST --data '{"city": "/api/smart/city/35/", "comment": "teste do php", "id": "4", "resource_uri": "/api/smart/rating/4/", "rating": "3","user_id": "/api/smart/auth/user/2/"}' `http://localhost:8000/api/smart/rating/`
HTTP/1.0 401 UNAUTHORIZED
Date: Mon, 08 Apr 2013 10:52:44 GMT
Server: WSGIServer/0.1 Python/2.7.3
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: Content-Type,*
Access-Control-Allow-Credentials: true

what am i doing wrong?

what is the url from which you are actually making the request. It seems like your browser thinks its a cross orgin request — dusual, Apr 05 '13 at 16:45

score 1 · Accepted Answer · edited May 23 '17 at 12:13

1

Hi I think you are essentially making a cross origin request.

To initiate a cross-origin request, a browser sends the request with an Origin HTTP header. The value of this header is the site that served the page.

To allows the request, it sends an Access-Control-Allow-Origin header in its response. The value of the header indicates what origin sites are allowed.

Access-Control-Allow-Origin: localhost:80

Essentially you need to allow an options request on your server side which sends back the Access-Control-Allow-Origin header

Please go through this for a better idea

Cross domain POST query using Cross-Origin Resource Sharing getting no data back

edited May 23 '17 at 12:13

Community

1
1

answered Apr 05 '13 at 18:20

dusual

2,097
3
19
26

but i am using the django tastypie default resource setup, so that tastypie creates a new resource automatically on a post.. should i change it to look more like this answer http://stackoverflow.com/a/5260062/977622 ? isn't there an easier way? – psychok7 Apr 05 '13 at 18:40
You can try adding a middleware for handling or something.https://gist.github.com/strogonoff/1369619 Tastypie has support for options see this : https://github.com/toastdriven/django-tastypie/pull/70 – dusual Apr 05 '13 at 20:09
i am almost there i think, now i only get an internal server error on django, this is my json: http://paste.ubuntu.com/5688899/ any ideas why? – psychok7 Apr 08 '13 at 09:44
too little information can you show me the traceback on django side – dusual Apr 08 '13 at 10:06
i dont get any traceback with the $.post, only a 500 internal server error, but with an $.ajax i get this http://paste.ubuntu.com/5688965/ – psychok7 Apr 08 '13 at 10:10
Still not very clear but its jsoncodeerror , i think you are sending a n extra quote or something – dusual Apr 08 '13 at 10:12
this is my post, doenst it look ok to you: curl --dump-header - -H "Content-Type: application/json" -X POST --data '{city: "/api/smart/city/35/", comment: "teste do php", id: "4", resource_uri: "/api/smart/rating/4/", rating: "3",user_id: "/api/smart/auth/user/2/"}' http://127.0.0.1:8000/api/smart/rating/ – psychok7 Apr 08 '13 at 10:22
i added some more detail in the original post – psychok7 Apr 08 '13 at 10:25
i fixed that error, it was the quotes but i now get a HTTP/1.0 401 UNAUTHORIZED, but my resources have no authorization.. – psychok7 Apr 08 '13 at 10:56
What version of django are you on ? django after 1.2 or 1.3 added a CSRF middleware for all requests https://docs.djangoproject.com/en/dev/ref/contrib/csrf/ I have a good feeling your requests are stopping because of that – dusual Apr 08 '13 at 11:02
Django 1.4 and django tastypie 0.9.14, how do i had the csrf to my curl request? i am first trying with curl, then i am going to try with the javascript when i know it works – psychok7 Apr 08 '13 at 11:05
i am starting to think it has something to do with this xhr middleware i added now.. when i do a $post call from jquery it gives me an the 401 unauthorized, while i have no authorizations – psychok7 Apr 08 '13 at 11:21
GOT IT WORKING.. it was a default read only authorization in tastypie, thanks for your help – psychok7 Apr 08 '13 at 11:25

Django tastypie XMLHttpRequest cannot load

1 Answers1