API Gateway react No Access Control Allow Origin header is present on the requested resource

In this post, we will see How To Fix Error – “CORS No ‘Access-Control-Allow-Origin’ Header is Present” in Django. Various facets of the same error in the same line –

This is one of the most common errors in Django or Django Rest Framework. Follow the steps below to fix this issue.

if( aicp_can_see_ads() ) {

}

Primitive Checks:

First thing first, do some primitive checks.

• Check the URL being used.

Did you miss a trailing slash(/) at the end of the URL ?  e.g. http://127.0.0.1:8000/dothis/  , http://localhost:8000/dothis/

Check the urls.py file in Django to cross-check correct urls are used.

You will be surprised – how many times, just missing a small slash can cause this error.

if( aicp_can_see_ads() ) {

}

• Are you using wrong URL-ENDPOINT ? Make sure the url end-points are correct. You will save yourself a lot of trouble and time !

• Are you using localhost or 127.0.0.1 ? Are they present within /etc/hosts file ?

• Did you clear the browser cache and then try the solution ? Cache can create issues sometimes. Do a Hard-Refresh(Reset) of the browser .

If you checked this bit and are sure you are using the right URL and still getting the same error, then proceed on the following steps.

Remember to use the Primitive Checks even after you are done with all the steps below.

if( aicp_can_see_ads() ) {

}

Step 1:

In this step, we are going to install django-cors-headers i.e. add Cross-Origin Resource Sharing (CORS) headers to responses. This will allow the in-browser requests to the Django app from various origins.

Adding CORS headers, will allow the resources to be accessed by other domains.

But be aware of the implications before you add the headers. Otherwise you could be opening up a security hole by making site’s private data to accessible to others.

Step 2:

Modify the Django Settings.py file to accommodate the installed django-cors-headers.

if( aicp_can_see_ads() ) {

}

• Add the below Highlighted to the INSTALLED_APPS.

Step 3:

Modify the Django Settings.py file

• Add the below to the MIDDLEWARE  section.
  • “corsheaders.middleware.CorsMiddleware” should be placed on top of the list within MIDDLEWARE – BEFORE any kind of other middlewares which generate responses. (e.g. CommonMiddleware, WhiteNoiseMiddleware etc.). This will help to add the CORS headers to the responses. Otherwise that process will be skipped.
  • django.middleware.security.SecurityMiddleware & SessionMiddleware should be BEFORE CorsMiddleware
•  The entities in the MIDDLEWARE section must be in the correct sequence – Otherwise they might throw this error.

• “CORS_REPLACE_HTTPS_REFERER” , if used, has to be placed BEFORE CsrfViewMiddleware . This is because “CorsMiddleware” will change the Referer header. That will lead to pass Django’s CSRF checks whenever the CORS checks are a pass. Default is a False.

Step 4:

Modify the Django Settings.py file. You have to set the fields for at least one amongst the lots –

if( aicp_can_see_ads() ) {

}

• CORS_ALLOWED_ORIGINS (Old name – “CORS_ORIGIN_WHITELIST”)
• CORS_ALLOWED_ORIGIN_REGEXES,
• CORS_ALLOW_ALL_ORIGINS (Old name – CORS_ORIGIN_ALLOW_ALL)

So let’s do it.

• Make Changes to CORS_ALLOWED_ORIGINS (Old name – “CORS_ORIGIN_WHITELIST”). You can still use the old name (works as an alias in the background).

Here basically you are setting a bunch of origins – which are authorized to make cross-site HTTP requests. The origins in this list are allowed. The requesting origin will be passed back towards the client through the Access-Control-Allow-Origin header.

• There is another field called “CORS_ALLOW_ALL_ORIGINS” (Old name – CORS_ORIGIN_ALLOW_ALL).  If you set that to “True”, all origin related restrictions are ignored. And thereby it renders “ALL” origins as “ALLOWED”. This is dangerous in production. Don’t use that field except in localhost.

This is an optional step to check if all the above doesn’t work at all.

if( aicp_can_see_ads() ) {

}

Optional Step :

Manually add headers as shown below –

If you had tried all the steps and still see the issue, then go back to “Primitive Checks” section and refer the points.

if( aicp_can_see_ads() ) {

}

Hope this helps to fix the error.

if( aicp_can_see_ads() ) {

}

Other Interesting Reads –

• How to Send Large Messages in Kafka ?

• Fix Spark Error – “org.apache.spark.SparkException: Failed to get broadcast_0_piece0 of broadcast_0”

• How to Handle Bad or Corrupt records in Apache Spark ?

• How to use Broadcast Variable in Spark ?

• How to log an error in Python ?

• How to Code Custom Exception Handling in Python ?

• How to Handle Errors and Exceptions in Python ?

• How To Fix – “Ssl: Certificate_Verify_Failed” Error in Python ?

• How to Send Large Messages in Kafka ?

• Fix Spark Error – “org.apache.spark.SparkException: Failed to get broadcast_0_piece0 of broadcast_0”

• How to Handle Bad or Corrupt records in Apache Spark ?

• How to use Broadcast Variable in Spark ?

• Best Practices for Dependency Problem in Spark

• Sample Code – Spark Structured Streaming vs Spark Streaming

• Sample Code for PySpark Cassandra Application

• How to Enable UTF-8 in Python ?

• How to log an error in Python ?

• Sample Python Code To Read & Write Various File Formats (JSON, XML, CSV, Text)

• How to Handle Errors and Exceptions in Python ?

• How to Handle Bad or Corrupt records in Apache Spark ?

• How To Fix – Partitions Being Revoked and Reassigned issue in Kafka ?

if( aicp_can_see_ads() ) {

if( aicp_can_see_ads() ) {

}

}

How do I fix the CORS issue in API gateway?

How do I enable CORS for API gateway?

How do I fix CORS header Access

How do I fix CORS error in react?