We Keep Coding

Some static files can't be loaded because it is blocked by CORS policy (Django) even it is configured based on Django documentation

I faced an issue with a CORS policy and cannot see what is wrong.
I use Django framework and my static files are hosted in Azure Blob
So I am getting errors for these files and it says tuat Access-Control-Allow-Origin is not present:
What is strange that other files from the same host are loaded..
CORS settings looks like this:
ALLOWED_HOSTS = ['https://support.mdesk.lt', 'https://suppaccountstorage.blob.core.windows.net']
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = (
'https://support.mdesk.lt',
'https://suppaccountstorage.blob.core.windows.net',
)
CSRF_TRUSTED_ORIGINS = ['https://support.mdesk.lt']
INSTALLED_APPS = [
'corsheaders',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.sites',
'django.contrib.humanize',
'bootstrap4form',
'supportSystem',
'storages'
]
SITE_ID = 1
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
Wham am I doing wrong?

Loading fonts from a different origin is affected by the CORS settings (your CSS files seem to be fine). Since your assets are not served by the Django application but by the Azure storage you need to adjust the CORS settings there (they will not be processed by the Django middleware you are using). You can change the settings in the Azure Portal.

django-cors-header not working as expected when using Postman

I'm trying to use my DRF API in my React Web App with Axios but I'm getting CORS policy blocked.
I've checked the headers using POSTMAN and seems like django-cors-header is not actually embedding the Access-Control-Allow-Origin: *
This is my settings.py from Django:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'trvl',
'rest_framework',
'coreapi',
'django_filters',
'corsheaders',
]
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
]
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = False
And this is what I get from POSTMAN
How can I fix this so every response has the Access-Control-Allow-Origin : *

I had the exact same scenario as you. Same frontend and backend.
I was able to resolve my issue by adding this to my settings.py in addition to everything you listed.
CORS_REPLACE_HTTPS_REFERER = True

In settings.py
set ALLOWED_HOSTS = [] to ALLOWED_HOSTS = ["*"]

Django loads save twice for any model

After upgrading to Django 2 from Django 1.7.4, I face the following issue. In django admin save() method is called twice for any model in the project. When it comes to add new, it add the same entry twice, if edit it also saves twice, as a result admin result notification gives the same notice twice.If you click delete button, it first deletes and then gives notification that the entry does not exist, because it also calls delete function twice.
So far checked:
settings file is loaded only once
rewrote post_save
But no avail.
Settings
#SSL settings
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
INSTALLED_APPS = (
'dal',
'dal_select2',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.sites',
'django.contrib.flatpages',
'django.contrib.sitemaps',
'django.contrib.admin',
'compressor',
'mptt',
'django_mptt_admin',
-----
'myappA',
'myAppB',
)
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.BrokenLinkEmailsMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.RemoteUserMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'myappA.middleware.AutoLogout',
]

Finally I have found the solution. The issue was in my middleware which was rewritten to Django 2, and request was called twice.

Enabling the Django Admin for a custom User Model with a custom Authentication Backend

I have a custom user model with my own authentication in place. But despite this I am unable to login to Django admin. The page appears but it does not accept my credentials (which are correct). I have included django.contrib.auth.backends.ModelBackend along with my custom authentication backend in AUTHENTICATION_BACKENDS. The is_staff and is_admin are both set when I check in the shell.
Am I missing something obvious?
AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend',
'final.backends.CustomBackend',)
AUTH_USER_MODEL = 'final.MyUser'
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
# Uncomment the next line for simple clickjacking protection:
# 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
INSTALLED_APPS = (
'rest_framework.authtoken',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
# Uncomment the next line to enable the admin:
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
'final',
'rest_framework',
)
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'final.authentication.ExpiringTokenAuthentication',
)
}
Ignore the poor indentations please. They got lost in a copy-paste massacre.

help, django-admin-tools wont work!

am installing the django-admin-tools module to enhance the default django admin with custom dashboard and menus. I have read the docs like a bazillion times
Set up everything the way docs say, but am still merely seeing the Django Admin the SAME WAY is was before I'd even though of django-admin-tools.
What could be wrong?
Am running Django 1.3 and using OpenSuse 11.3
If it helps, the order of apps in my settings.py is like:
INSTALLED_APPS = (
'admin_tools',
'django.contrib.admin',
'admin_tools.theming',
'admin_tools.menu',
'admin_tools.dashboard',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
#'grappelli', #for a sweet django admin look
# 'django.contrib.admindocs',
'django_extensions',
'fpui', #the footprint front-end ui app
)
More Parts of my settings.py in relation to this problem:
ROOTDIR = os.path.abspath(os.path.dirname(__file__))
ADMIN_TOOLS_MEDIA_URL = ROOTDIR + '/media/admin_tools/'
MEDIA_ROOT = ROOTDIR + '/media/admin_tools/'
ADMIN_TOOLS_THEMING_CSS = 'css/theming.css'
MEDIA_URL = '/media/'
ADMIN_MEDIA_PREFIX = '/static/admin/'
ADMIN_TOOLS_INDEX_DASHBOARD = 'footprint.dashboard.CustomIndexDashboard'
ADMIN_TOOLS_APP_INDEX_DASHBOARD = 'footprint.dashboard.CustomAppIndexDashboard'
ADMIN_TOOLS_MENU = 'footprint.menu.CustomMenu'
STATIC_ROOT = ROOTDIR + '/fpui/static/'
STATIC_URL = '/static/'
# Additional locations of static files
STATICFILES_DIRS = (
)
STATICFILES_FINDERS = (
'django.contrib.staticfiles.finders.FileSystemFinder',
'django.contrib.staticfiles.finders.AppDirectoriesFinder',
'django.contrib.staticfiles.finders.DefaultStorageFinder',
)

Had the same problem and finally managed to make it work.
I think your INSTALLED_APPS are ordered correctly - the admin_tools should be before django.contrib.admin. To be absolutely sure push django.contrib.admin below other admin_tools apps too.
The problem is probably somewhere in the other configurations; mine was that admin_tools couldn't access my templates and was running the regular admin instead.
Try the below:
ROOTDIR = os.path.realpath(os.path.dirname(__file__))
MEDIA_ROOT = os.path.join(ROOTDIR,'media')
MEDIA_URL = '/media/'
STATIC_ROOT = os.path.join(PROJECT_ROOT,'media/static')
STATIC_URL = '/static/'
ADMIN_MEDIA_PREFIX = '/static/admin/'
STATICFILES_DIRS = (
)
STATICFILES_FINDERS = (
'django.contrib.staticfiles.finders.FileSystemFinder',
'django.contrib.staticfiles.finders.AppDirectoriesFinder',
'django.contrib.staticfiles.finders.DefaultStorageFinder',
)
TEMPLATE_LOADERS = (
'django.template.loaders.filesystem.Loader',
'django.template.loaders.app_directories.Loader',
)
ROOT_URLCONF = 'your_project_name.urls'
TEMPLATE_DIRS = (
os.path.join( PROJECT_ROOT, 'templates' ),
)
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
)
TEMPLATE_CONTEXT_PROCESSORS = (
'django.core.context_processors.auth',
'django.core.context_processors.debug',
'django.core.context_processors.i18n',
'django.core.context_processors.media',
'django.contrib.messages.context_processors.messages',
'django.core.context_processors.request',
)
INSTALLED_APPS = (
'admin_tools',
'admin_tools.theming',
'admin_tools.menu',
'admin_tools.dashboard',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
#'grappelli', #for a sweet django admin look
# 'django.contrib.admindocs',
'django_extensions',
'fpui', #the footprint front-end ui app
)
Note that I used realpath for ROOTDIR so that symbolic links may be resolved if there are any. Replace the your_project_name with your project name in ROOT_URLCONF.
Other parameters such as ADMIN_TOOLS_INDEX_DASHBOARD, ADMIN_TOOLS_APP_INDEX_DASHBOARD and ADMIN_TOOLS_APP_INDEX_DASHBOARD are optional, remove them for now so they won't affect the default configuration.
Of course also make sure your urls.py is configured as in the admin_tools guide.
Good luck

Check out the order of your INSTALLED_APPS; It might help if you place the django.contrib.admin just below the django-admin-tools, the order here is used for choosing the right /templates/admin directory.

A little bit late, but I had the same problem, which turned out to be caused by the following circumstance: before installing admin-tools I had overridden one of the admin templates (base-site.html) by putting a modified version in my_project/templates/admin. So it would always use this template instead of the admin_tools one. After removing the custom template it worked.