0

我正在使用 django 的 spotify API/spotipy,并且需要用户登录他们的帐户才能访问他们的数据。我使用了“pip3 install django-cors-headers”并将适当的部分添加到 settings.py。

#settings.py
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'jazz_stuff.apps.JazzStuffConfig',
'corsheaders',
]

MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

CORS_ORIGIN_ALLOW_ALL = True

CSRF_TRUSTED_ORIGINS = (
    'localhost:8000',
)

#views.py
def callSpotify(request):
if request.method == 'POST':
    if request.is_ajax():
        sp_oauth = oauth2.SpotifyOAuth( SPOTIPY_CLIENT_ID, SPOTIPY_CLIENT_SECRET,SPOTIPY_REDIRECT_URI, scope=SCOPE,cache_path=CACHE)
        url = sp_oauth.get_authorize_url()
        return HttpResponseRedirect(url)
return None

即使这样,我仍然收到有关缺少 access-control-allow-origin 标头的错误,并且 spotify 登录页面没有打开。

jquery.min.js:2 XHR 完成加载:GET " http://localhost:8000/callSpotify/ "。

(索引):1 加载失败https://accounts.spotify.com/authorize?client_id=14c8a7dfd5804fb5994243e69bb7606f&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcallback%2F&scope=user-modify-playback-state+user- top-read&show_dialog=True:对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头。因此,不允许访问源“ http://localhost:8000 ”。

XHR 完成加载:选项“ https://accounts.spotify.com/authorize?client_id=14c8a7dfd5804fb5994243e69bb7606f&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcallback%2F&scope=user-modify-playback-state+user-top-阅读&show_dialog=真“。

我应该如何进行,以免出现 cors 错误?

编辑:添加标题

一般的

Request URL: https://accounts.spotify.com/authorize?client_id=14c8a7dfd5804fb5994243e69bb7606f&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcallback%2F&scope=user-modify-playback-state+user-top-read&show_dialog=True
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: 104.154.127.47:443
Referrer Policy: no-referrer-when-downgrade

响应标头

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Date: Wed, 14 Mar 2018 06:31:56 GMT
Keep-Alive: timeout=600
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge

要求

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,fr;q=0.8
Access-Control-Request-Headers: x-csrftoken,x-requested-with
Access-Control-Request-Method: GET
Connection: keep-alive
Host: accounts.spotify.com
Origin: http://localhost:8000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36
4

1 回答 1

0

尝试将这些行添加到您的 settings.py

# Corsheaders settings
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_WHITELIST = (
    '*'
)

尝试这个....

于 2018-03-13T04:30:47.577 回答