Django CORS and CRSF Issues

  Kiến thức lập trình

The Issue

I am at my wits end with CORS and CSFR issues. When I fix something I feelk like I am playing wack-a-mole when I fix something another element i not rendering. I am using django-cors-headers library. I have reviewed other Django CORS Questions, and tried to modify the suggestions but still getting inconsistent loading. I tried to make the most permissive configruations possible

Source Code and Output

The element that is not renderig is from docuseal, console output is

Access to image at 'https://docuseal.s3.amazonaws.com/se9pbobli54k4y03zqliyh91ssyj?response-content-disposition=inline%3B%20filename%3D%220.jpg%22%3B%20filename%2A%3DUTF-8%27%270.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAQXOPSUYTZ5CT2YNP%2F20240611%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240611T121805Z&X-Amz-Expires=14400&X-Amz-SignedHeaders=host&X-Amz-Signature=faded6e47a7668b5832bca56fe88b62454133cbe89f644cf1f06fcf0798c076a' from origin 'http://127.0.0.1:9555' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Here are my CORS & CSFR related settings:

REFERRER_POLICY = "strict-origin-when-cross-origin"
CSRF_COOKIE_NAME = "nhhc-csrf"
CSRF_FAILURE_VIEW = "nhhc.urls.permission_denied_handler"
SESSION_COOKIE_NAME = "nhhc-session"
CSRF_HEADER_NAME = "X_CSRFToken"
# CORS_ALLOWED_ORIGIN_REGEXES = [
#         r"^null$",
#         r"^http://localhost:[0-9]+$",
#         r"^http://127\.0\.0\.1:[0-9]+$",
#         r"^https://localhost:[0-9]+$",
#         r"^https://127\.0\.0\.1:[0-9]+$",
#         r"^https://docuseal.s3.amazonaws.com/*"
#      ]


CSRF_COOKIE_SECURE = False
CORS_ALLOW_PRIVATE_NETWORK = True
CSRF_COOKIE_DOMAIN = None
SESSION_COOKIE_SECURE = False
CORS_ORIGIN_ALLOW_ALL = True
SESSION_COOKIE_HTTPONLY = False
CORS_ALLOW_CREDENTIALS = True
CSRF_TRUSTED_ORIGINS = ["http://localhost"]

The Ask

Can someone offer input or resources on what I need to do to get this docseal element to render. If i have coinflicting settings.

LEAVE A COMMENT