我正在尝试将 Auth ADFS 与 Django 应用程序和 Angular 集成,但我不断收到 CORS 错误。 我尝试了一切,但似乎没有任何效果。
Access to XMLHttpRequest at 'https://login.microsoftonline.com/{your-tenant-id}/oauth2/v2.0/authorize?client_id={your-client-id}&response_type=token&redirect_uri={your-redirect-uri}=openid' (redirected from 'http://localhost:8080/api/base/login/') from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
我的设置.py
ALLOWED_HOSTS = ['*']
# Application definition
INSTALLED_APPS = [
'base_app',
'django_crontab',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'corsheaders',
'customer_account',
'upload_data',
'project',
'django_auth_adfs',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'corsheaders.middleware.CorsPostCsrfMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django_auth_adfs.middleware.LoginRequiredMiddleware',
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'django_auth_adfs.rest_framework.AdfsAccessTokenAuthentication',
'rest_framework.authentication.TokenAuthentication',
),
# 'DEFAULT_PERMISSION_CLASSES': (
# 'rest_framework.permissions.IsAdminUser'
# ),
'DEFAULT_RENDERER_CLASSES': (
'rest_framework.renderers.JSONRenderer',
),
# 'EXCEPTION_HANDLER': 'rest_framework.views.exception_handler'
'EXCEPTION_HANDLER': 'utils.exceptionhandler.custom_exception_handler'
}
CORS_ALLOW_HEADERS = default_headers + (
'Access-Control-Allow-Origin',
)
CORS_ALLOW_METHODS = [
'GET',
'POST',
'PUT',
'PATCH',
'DELETE',
'OPTIONS',
]
CORS_ORIGIN_ALLOW_ALL = True
......
AUTH_ADFS = {
'AUDIENCE': CLIENT_ID,
'CLIENT_ID': CLIENT_ID,
'CLIENT_SECRET': CLIENT_SECRET,
'CLAIM_MAPPING': {
# 'first_name': 'given_name',
# 'last_name': 'family_name',
'email': 'upn',
},
'GROUPS_CLAIM': 'roles',
'MIRROR_GROUPS': True,
'USERNAME_CLAIM': 'upn',
'TENANT_ID': TENANT_ID,
'RELYING_PARTY_ID': CLIENT_ID,
}
Django API:
@api_view(['GET'])
def loginAPI(request):
return JsonResponse({"message": "Login Page Successful"})
角度函数:
export class LoginPageComponent implements OnInit {
private apiUrl = 'http://127.0.0.1:8000/base/loginAPI'; // Make sure this URL is correct
data: any;
constructor(private dataService: DataService, private http: HttpClient, @Inject(PLATFORM_ID) private platformId: Object) { }
ngOnInit() {
if (isPlatformBrowser(this.platformId)) {
this.redirectToApi();
}
}
redirectToApi() {
this.http.get(this.apiUrl).subscribe(
(response) => {
this.data = response;
console.log(this.data);
},
(error) => {
console.error('Error fetching data:', error);
}
);
}
}
邮递员测试:
API http://127.0.0.1:8000/base/loginAPI通过 Postman 测试时工作正常。
我尝试过的:
在settings.py中配置CORS设置,如上所示。 确保中间件设置正确。 已验证 API 在 Postman 中是否有效。 尽管做出了这些努力,我仍然遇到 CORS 错误。任何有关如何解决此问题的帮助将不胜感激!
提前致谢!
您是否尝试过在 ADFS 中配置 CORS?
链接是这里。