0

Sorry, I know this is kind of 2 quetions in one, but there may be a resource out there that can fix both my problems. I have a webapp that I have created with Django that I am loading into an iframe of a wordpress site that I have started testing.

At the moment it works as designed on google chrome, my android phone, and iphones. However I am having a CSRF token issue when I 'POST' from the iframe only when using an ipad.

I am also not able to load in internet explorer, getting a CORS error after going through the "django-cors-headers" documentation.

I have both X-frame-options and Cors whitelist allowing the site to host the iframe.

I am lost as to why the app can work fine in a couple of settings and not in others - or if the errors may just be due to individualized settings on the devices I am testing on. If anyone can help in any way it would be greatly appreciated!

Adam Laird
  • 109
  • 9

1 Answers1

0

You could refer to this thread, checking if you have followed all the steps of using django-cors-headers library. Please also check the Django version you use, the library doesn't support Django version < 1.11. And in this thread, it shows that CORS_ORIGIN_WHITELIST works fine as a string but not as a tuple. Please confirm that you have used the right form.

For the CORS error in IE, the server must attach the following headers to all responses, you could check this article for more information. You could also refer to this blog which provides another way to handle the CORS issue in IE.

Access-Control-Allow-Origin: http://example.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
Access-Control-Allow-Headers: Overwrite, Destination, Content-Type, Depth, User-Agent, Translate, Range, Content-Range, Timeout, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Location, Lock-Token, If
Access-Control-Expose-Headers: DAV, content-length, Allow
Yu Zhou
  • 11,532
  • 1
  • 8
  • 22