Matthew Lin Matthew Lin - 4 months ago 22
Python Question

Django CORS X-FirePHP-Version

I am getting the following error message when I try to access my endpoints.

Request header field X-FirePHP-Version is not allowed by Access-Control-Allow-Headers in preflight response.


This is how my settings.py file looks

INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'api.apps.ApiConfig',
'django_server',
'corsheaders', # For Cross-Origin Resource Sharing
]

CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = False

Answer

If you have additional headers that are going to be in your requests to a CORS enabled server, you should specify those in the CORS_ALLOW_HEADERS django-cors setting. This should solve it, but I would double check to make sure those headers are supposed to be there.

# In your project's settings.py

CORS_ALLOW_HEADERS = (
    'x-requested-with',
    'content-type',
    'accept',
    'origin',
    'authorization',
    'x-csrftoken',
    'x-firephp-version',  # Added to default list
)

# more settings...

Under the hood this simply sets the Access-Control-Request-Headers header on your server's responses.