Skip to main content

 
Search PyPISearch

django-cors-middleware 1.3.1

pip install django-cors-middleware==1.3.1Copy PIP instructions

Latest version

Last released: Aug 20, 2016

django-cors-middleware is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS). Fork of django-cors-headers.

 

Project links

Homepage

Statistics

View statistics for this project via Libraries.io, or by using Google BigQuery

Meta

License: MIT License (MIT License)

Author: Zeste de Savoir

Tags:django, cors, middleware, rest,api

Maintainers

gustavi

Project description

 

django-cors-middleware

A Django App that adds CORS (Cross-Origin Resource Sharing) headers to responses.

Although JSON-P is useful, it is strictly limited to GET requests. CORS builds on top of XmlHttpRequest to allow developers to make cross-domain requests, similar to same-domain requests. Read more about it here:http://www.html5rocks.com/en/tutorials/cors/

This is a fork of https://github.com/ottoyiu/django-cors-headers/ because of inactivity.

Supported versions of Python and Django :

  Py 2.7 Py 3.3 Py 3.4 Py 3.5
Django 1.8 YES YES YES YES
Django 1.9 YES   YES YES
Django 1.10 YES   YES YES

Setup

Install by downloading the source and running:

python setup.py install

or

pip install django-cors-middleware

and then add it to your installed apps:

INSTALLED_APPS = (

    ...

    'corsheaders',

    ...

)

You will also need to add a middleware class to listen in on responses:

# Use `MIDDLEWARE_CLASSES` prior to Django 1.10

MIDDLEWARE = [

    ...

    'corsheaders.middleware.CorsMiddleware',

    'django.middleware.common.CommonMiddleware',

    ...

]

Note that CorsMiddleware needs to come before Django’s CommonMiddleware if you are using Django’s USE_ETAGS = True setting, otherwise the CORS headers will be lost from the 304 not-modified responses, causing errors in some browsers.

Signals

If you have a use-case that requires running Python code to check if a site exists, we provide a Django signal that covers this. We have a check_request_enabled signal that provides the request. Here is an example configuration:

from corsheaders import signals

from .models import Site

def handler(sender, request, **kwargs):

    for site in Site.objects.all():

        if request.host in site.domain:

            return True

    return False

signals.check_request_enabled.connect(handler)

If the signal returns True, then the request will have headers added to it.

Configuration

Add hosts that are allowed to do cross-site requests to CORS_ORIGIN_WHITELIST or set CORS_ORIGIN_ALLOW_ALL to True to allow all hosts.

CORS_ORIGIN_ALLOW_ALL

If True, the whitelist will not be used and all origins will be accepted

Default:

CORS_ORIGIN_ALLOW_ALL = False

CORS_ORIGIN_WHITELIST

Specify a list of origin hostnames that are authorized to make a cross-site HTTP request

Example:

CORS_ORIGIN_WHITELIST = (

    'google.com',

    'hostname.example.com'

)

Default:

CORS_ORIGIN_WHITELIST = ()

CORS_ORIGIN_REGEX_WHITELIST

Specify a regex list of origin hostnames that are authorized to make a cross-site HTTP request; Useful when you have a large amount of subdomains for instance.

Example:

CORS_ORIGIN_REGEX_WHITELIST = ('^(https?://)?(\w+\.)?google\.com$', )

Default:

CORS_ORIGIN_REGEX_WHITELIST = ()

You may optionally specify these options in settings.py to override the defaults. Defaults are shown below:

CORS_URLS_REGEX

Specify a URL regex for which to enable the sending of CORS headers; Useful when you only want to enable CORS for specific URLs, e. g. for a REST API under /api/.

Example:

CORS_URLS_REGEX = r'^/api/.*$'

Default:

CORS_URLS_REGEX = '^.*$'

CORS_ALLOW_METHODS

Specify the allowed HTTP methods that can be used when making the actual request

Default:

CORS_ALLOW_METHODS = (

    'GET',

    'POST',

    'PUT',

    'PATCH',

    'DELETE',

    'OPTIONS'

)

CORS_ALLOW_HEADERS

Specify which non-standard HTTP headers can be used when making the actual request

Default:

CORS_ALLOW_HEADERS = (

    'x-requested-with',

    'content-type',

    'accept',

    'origin',

    'authorization',

    'x-csrftoken'

)

CORS_EXPOSE_HEADERS

Specify which HTTP headers are to be exposed to the browser

Default:

CORS_EXPOSE_HEADERS = ()

CORS_PREFLIGHT_MAX_AGE

Specify the number of seconds a client/browser can cache the preflight response

Note: A preflight request is an extra request that is made when making a “not-so-simple” request (eg. content-type is not application/x-www-form-urlencoded) to determine what requests the server actually accepts. Read more about it here: http://www.html5rocks.com/en/tutorials/cors/

Default:

CORS_PREFLIGHT_MAX_AGE = 86400

CORS_ALLOW_CREDENTIALS

Specify whether or not cookies are allowed to be included in cross-site HTTP requests (CORS).

Default:

CORS_ALLOW_CREDENTIALS = False

CORS_REPLACE_HTTPS_REFERER

Specify whether to replace the HTTP_REFERER header if CORS checks pass so that CSRF django middleware checks will work with https

Note: With this feature enabled, you also need to add the corsheaders.middleware.CorsPostCsrfMiddleware after django.middleware.csrf.CsrfViewMiddleware to undo the header replacement

Default:

CORS_REPLACE_HTTPS_REFERER = False

CORS_URLS_ALLOW_ALL_REGEX

Specify a list of URL regex for which to allow all origins

Example:

CORS_URLS_ALLOW_ALL_REGEX = (r'^/api/users$', )

Default:

CORS_URLS_ALLOW_ALL_REGEX = ()

Developed and maintained by the Python community, for the Python community. 
Donate today!

© 2018 Python Software Foundation

DJango跨域中间键的更多相关文章

  1. Django跨域请求之JSONP和CORS

    现在来新建一个Django项目server01,url配置为 url(r'^getData.html$',views.get_data) 其对应的视图函数为get_data: from django. ...

  2. Django跨域问题(CORS错误)

    Django跨域问题(CORS错误) 一.出现跨域问题(cors错误)的原因 通常情况下,A网页访问B服务器资源时,不满足以下三个条件其一就是跨域访问 协议不同 端口不同 主机不同 二.Django解 ...

  3. Django跨域、cookie、session

    前后台分离开发 1.前台页面运行在前台服务器上,负责页面的渲染(静态文件的加载)与跳转 2.后台代码运行在后台服务器上,负责数据的处理(提供数据请求的接口) 跨域 什么是跨域? 通常情况下,A网页访问 ...

  4. Django跨域(前端跨域)

    前情回顾 在说今天的问题之前先来回顾一下有关Ajax的相关内容 Ajax的优缺点 AJAX使用Javascript技术向服务器发送异步请求: AJAX无须刷新整个页面: 因为服务器响应内容不再是整个页 ...

  5. Django跨域问题

    相关博客地址 同源策略与Jsonp 同源策略 同源策略(Same origin policy)是一种约定,它是浏览器最核心也最基本的安全功能,如果缺少了同源策略,则浏览器的正常功能可能都会受到影响.可 ...

  6. Django 跨域请求处理

    参考https://blog.csdn.net/qq_27068845/article/details/73007155 http://blog.51cto.com/aaronsa/2071108 d ...

  7. Django—跨域请求(jsonp)

    同源策略 如果两个页面的协议,端口(如果有指定)和域名都相同,则两个页面具有相同的源. 示例:两个Django demo demo1 url.py url(r'^demo1/',demo1), vie ...

  8. Django跨域请求

    一.jsonp方式 同源策略会阻止ajaxa请求,但不阻止src. jsonp方式其实是利用了<script>标签可以直接跨域的性质,在body中生成一个<script>标签, ...

  9. Django 跨域请求

    跨域:通过js或python在不同的域之间进行数据传输或通信,比如用ajax向一个不同的域请求数据,或者通过js获取页面中不同域的框架中(Django)的数据.只要协议.域名.端口有任何一个不同,都被 ...

随机推荐

  1. Odoo (OpenERP/TinyERP)-10.0 (Debian 8)

    平台: Ubuntu 类型: 虚拟机镜像 软件包: odoo-10.0 commercial erp odoo open source openerp tinyerp 服务优惠价: 按服务商许可协议 ...

  2. Azure 进阶攻略 | 文件完整性,你打算如何证明?

    假设你是一位独立软件开发者,通过自己的网站提供软件下载.网站完全托管在 Azure 中,并且软件下载也是通过 Azure Blob 存储和 Azure CDN 服务提供的. 这做法真不错,不需要自己管 ...

  3. DIV命名规范

    DIV命名规范 企业DIV使用频率高的命名方法 网页内容类 --- 注释的写法: /* Footer */ 内容区/* End Footer */ 摘要: summary 箭头: arrow 商标:  ...

  4. Vim插件推荐

    看下文时要知道我的<leader>键就是\. ctags C程序阅读辅助工具.在看C/C++代码的时候经常需要在文件之间跳来跳去,这是很麻烦的事,ctags就是解决这种问题的.ctags是 ...

  5. MySQL数据库实验二:单表查询

    实验二   单表查询 一.实验目的 理解SELECT语句的操作和基本使用方法. 二.实验环境 是MS SQL SERVER 2005的中文客户端. 三.实验示例 1.查询全体学生的姓名.学号.所在系. ...

  6. SIP MGCP和H323的区别

    在Windows中内置的NetMeeting就是典型的H.323协议客户端,而比较常见的SIP系统是微软开发的MSN Messenger系统.首先,由用户A向SIP服务器发出呼叫请求,请求的信息包含自 ...

  7. IOS SQLite函数总结

    SQL语句的种类 ●  数据定义语句(DDL:Data Definition Language) ●  包括create和drop等操作 ●  在数据库中创建新表或删除表(create table或 ...

  8. Tomcat8.0.36安装配置

    1.下载tomcat8.0.36 下载地址:http://tomcat.apache.org/download-80.cgi 2.解压 至C:\Program Files\tomcat8下 3.添加系 ...

  9. C语言文件操作类型速查

    文件使用方式 含义 "r"(只读) 为输入打开一个文本文件,不存在则失败 "w"(只写) 为输出打开一个文本文件,不存在则新建,存在则删除后再新建 " ...

  10. 深入浅出:了解jsonp跨域的九种方式

    什么是“”跨域”: 跨域访问,简单来说就是 A 网站的 javascript 代码试图访问 B 网站,包括提交内容和获取内容.由于安全原因,跨域访问是被各大浏览器所默认禁止的.当一个域与其他域建立了信 ...