As a developer, CRUD operations are one of the most basic concepts to know. Today, I'll show you how to build a REST API using Django and Django Re...
For further actions, you may consider blocking this person and/or reporting abuse
As someone with a security research background it really hurts to see you noticed the cors problem, but still used the bad solution anyways.
My suggestion for the future: implement a secure version in your tutorials and point people at the documentation for how to change it.
Bonus points: You might get more interaction with your tutorials when people who modify it get stuck at the security and ask you for what they might have done wrong ๐
Other than that this is a really great tutorial for getting started with react and drf.
I've learned both on the job and only in an already existing project. I would've been glad for such an entry level tutorial 2 years ago.
Thanks for your comment.
And I knew it would embarrass some readers to see that Iโve consciously neglect this CORS problem. Actually I love your suggestion and I think that Iโll modify the article to fit it, because it will help beginners to learn too.
Thanks a lot. ๐
It might be a good idea to update the react router to its new version :)
Great idea! Ty
Great tutorial thanks, I just get one small issue and I am not sure why.
when I include the headers on the axios requests:
...axios
.get(
${baseURL}/menu/, {headers: {
headers,
},
})....
I get the below error:
Access to XMLHttpRequest at 'localhost:8000/api/menu/4/' from origin 'localhost:3000' has been blocked by CORS policy: Request header field headers is not allowed by Access-Control-Allow-Headers in preflight response.
As soon as I remove the headers from the axios requests:
...axios
.get(
${baseURL}/menu/).then(...
all is working 100%, what am I doing wrong lol ?
A little bit strange. Have you install the CORS package on the Django server side?
I got the same issue. When I changed the headers to not use the variable (and just put the "Content-type": "application/json" in directly), it worked.
This solution did not work for the add menu function with the post request. There, I had to remove the header completely to get it to work.
This is a great post!!
You can serialize all the fields without mentioning all of them in your serializer class like :
Still stuck with cors problem
Can you show me your CORS configuration on
settings.py?Also, on which address the react server is running?
Hi, I'm starting to code and I want to know why do you use django instead of node.js? Thanks.