0

I am trying to attach my Angular front end to my Django backend. To do this I have created my own source of session control. I have added this to my view...

from django.views.decorators.csrf import csrf_exempt

@require_POST
@csrf_exempt
def my_view_function(request):
    # do something

I have this code on my actual server, and I am hosting Angular locally. When I submit a request I get this error in the google chrome console:

Access to XMLHttpRequest at 'https://fake_real_url/signin/checkemail/' from origin 'https://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

And the apache server log says

Forbidden (CSRF cookie not set.): /signin/checkemail/

I thought that csrf_exempt would fix this issue? Am I missing something?

Dylan Cronkhite
  • 423
  • 1
  • 8
  • 15
  • Yes, you're missing the entire CORS preflight... – thebjorn Apr 11 '19 at 04:50
  • Could you explain a bit? I don't know what CORS preflight is – Dylan Cronkhite Apr 11 '19 at 05:04
  • SO isn't a good forum for tutorial style content, google is your friend though (e.g. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS, or https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work/10636765#10636765) – thebjorn Apr 11 '19 at 14:46

0 Answers0