I have enabled CORS in Django, with "django-cors":
After following the installation steps here, I have set the following:
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = (
Status Code:301 MOVED PERMANENTLY
Access-Control-Allow-Headers:x-requested-with, content-type, accept, origin, authorization, x-csrftoken, user-agent, accept-encoding
Access-Control-Allow-Methods:GET, POST, PUT, PATCH, DELETE, OPTIONS
Date:Thu, 17 Dec 2015 11:10:16 GMT
Accept-Encoding:gzip, deflate, sdch
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
I finally managed to resolve the problem. The problem was because of improper API naming.
My colleague had named the API as follows:
And when I would call "/users", then because of django's "APPEND_SLASH" setting, it was doing a permanent redirect to "/users/". Here's what the django documentation says about APPEND_SLASH:
When set to True, if the request URL does not match any of the patterns in the URLconf and it doesn’t end in a slash, an HTTP redirect is issued to the same URL with a slash appended. Note that the redirect may cause any data submitted in a POST request to be lost. The APPEND_SLASH setting is only used if CommonMiddleware is installed.
Of course, the simplest (and best) way of resolving this problem, is to update the API url by removing the slash, i.e.
Then it would match the URL directly, and no redirect will be issued.
However, in case someone really wants to keep the trailing slash in the API, then you can still make it work, by adding the following code in AngularJS:
resourceProvider.defaults.stripTrailingSlashes = false; RestangularProvider.setRequestSuffix('/');
The above is however not recommended, but since it came out of my experiments, I am sharing it anyways.