I know this is a classic issue but I did not find a solution for my particular case. All APIs work fine, while the DELETE API fails with CORS error. This happens only in production environment (OVH web cloud) This is my python backend code:
class UserDetail(APIView):
permission_classes = (IsAuthenticated,)
def get_object(self, pk):
try:
return User.objects.get(pk=pk)
except User.DoesNotExist:
raise Http404
def get(self, request, pk, format=None):
userSet = User.objects.filter(id=pk)
serializer = UserSerializer(userSet, many=True)
return Response(serializer.data)
def post(self, request, pk, format=None):
userSet = self.get_object(pk)
serializer = UserUpdateSerializer(userSet, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def delete(self, request, pk, format=None):
user = self.get_object(pk)
user.delete()
return Response({'deleted user': pk}, status=status.HTTP_204_NO_CONTENT)
This is the .htaccess file put in django root folder:
If needed, I also share the response header content as displayed by the browser :
Error Message:
Access to XMLHttpRequest at 'https://api.xxxx.com/api/v1/users/11' from origin 'https://xxx.yyyy.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
