Skip to content

Commit b66d1c0

Browse files
jdufresneauvipy
jdufresne
authored and
auvipy
committed
Document CORS errors and how to fix them
Fixes #1396
1 parent dfc863e commit b66d1c0

File tree

2 files changed

+45
-1
lines changed

2 files changed

+45
-1
lines changed

docs/changes.rst

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,14 @@ Change log
8585
:attr:`Panel.scripts <debug_toolbar.panels.Panel.scripts>` property.
8686
* Removed support for end of life Django 1.11. The minimum supported Django is
8787
now 2.2.
88-
88+
* The Debug Toolbar now loads a `JavaScript module`_. Typical local development
89+
using Django ``runserver`` is not impacted. However, if your application
90+
server and static files server are at different origins, you may see CORS
91+
errors in your browser's development console. See the "Cross-Origin Request
92+
Blocked" section of the :doc:`installation docs <installation>` for details
93+
on how to resolve this issue.
94+
95+
.. _JavaScript module: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules
8996

9097
2.2 (2020-01-31)
9198
----------------

docs/installation.rst

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -110,3 +110,40 @@ need to be updated. This can be achieved, for example, by installing or
110110
updating the ``mailcap`` package on a Red Hat distribution, ``mime-support`` on
111111
a Debian distribution, or by editing the keys under ``HKEY_CLASSES_ROOT`` in
112112
the Windows registry.
113+
114+
Cross-Origin Request Blocked
115+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
116+
117+
The Debug Toolbar loads a `JavaScript module`_. Typical local development using
118+
Django ``runserver`` is not impacted. However, if your application server and
119+
static files server are at different origins, you may see `CORS errors`_ in
120+
your browser's development console:
121+
122+
.. code-block:: text
123+
124+
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost/static/debug_toolbar/js/toolbar.js. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
125+
126+
Or
127+
128+
.. code-block:: text
129+
130+
Access to script at 'http://localhost/static/debug_toolbar/js/toolbar.js' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
131+
132+
To resolve, configure your static files server to add the
133+
`Access-Control-Allow-Origin header`_ with the origin of the application
134+
server. For example, if your application server is at ``http://example.com``,
135+
and your static files are served by NGINX, add:
136+
137+
.. code-block:: nginx
138+
139+
add_header Access-Control-Allow-Origin http://example.com;
140+
141+
And for Apache:
142+
143+
.. code-block:: apache
144+
145+
Header add Access-Control-Allow-Origin http://example.com
146+
147+
.. _JavaScript module: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules
148+
.. _CORS errors: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin
149+
.. _Access-Control-Allow-Origin header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

0 commit comments

Comments
 (0)