DJango跨域中间键
django-cors-middleware 1.3.1
pip install django-cors-middleware==1.3.1Copy PIP instructions
Last released: Aug 20, 2016
django-cors-middleware is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS). Fork of django-cors-headers.
Project links
Statistics
View statistics for this project via Libraries.io, or by using Google BigQuery
Meta
License: MIT License (MIT License)
Author: Zeste de Savoir
Tags:django, cors, middleware, rest,api
Maintainers
Classifiers
- Development Status
- 5 - Production/Stable
- Environment
- Web Environment
- Framework
- Django
- Intended Audience
- Developers
- License
- OSI Approved :: MIT License
- Operating System
- OS Independent
- Programming Language
- Python
- Python :: 2
- Python :: 2.7
- Python :: 3
- Python :: 3.3
- Python :: 3.4
- Python :: 3.5
- Topic
- Software Development :: Libraries :: Application Frameworks
- Software Development :: Libraries :: Python Modules
Project description
django-cors-middleware
A Django App that adds CORS (Cross-Origin Resource Sharing) headers to responses.
Although JSON-P is useful, it is strictly limited to GET requests. CORS builds on top of XmlHttpRequest to allow developers to make cross-domain requests, similar to same-domain requests. Read more about it here:http://www.html5rocks.com/en/tutorials/cors/
This is a fork of https://github.com/ottoyiu/django-cors-headers/ because of inactivity.
Supported versions of Python and Django :
| Py 2.7 | Py 3.3 | Py 3.4 | Py 3.5 | |
|---|---|---|---|---|
| Django 1.8 | YES | YES | YES | YES |
| Django 1.9 | YES | YES | YES | |
| Django 1.10 | YES | YES | YES |
Setup
Install by downloading the source and running:
python setup.py install
or
pip install django-cors-middleware
and then add it to your installed apps:
INSTALLED_APPS = (
...
'corsheaders',
...
)
You will also need to add a middleware class to listen in on responses:
# Use `MIDDLEWARE_CLASSES` prior to Django 1.10
MIDDLEWARE = [
...
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
...
]
Note that CorsMiddleware needs to come before Django’s CommonMiddleware if you are using Django’s USE_ETAGS = True setting, otherwise the CORS headers will be lost from the 304 not-modified responses, causing errors in some browsers.
Signals
If you have a use-case that requires running Python code to check if a site exists, we provide a Django signal that covers this. We have a check_request_enabled signal that provides the request. Here is an example configuration:
from corsheaders import signals
from .models import Site def handler(sender, request, **kwargs):
for site in Site.objects.all():
if request.host in site.domain:
return True
return False signals.check_request_enabled.connect(handler)
If the signal returns True, then the request will have headers added to it.
Configuration
Add hosts that are allowed to do cross-site requests to CORS_ORIGIN_WHITELIST or set CORS_ORIGIN_ALLOW_ALL to True to allow all hosts.
CORS_ORIGIN_ALLOW_ALL
If True, the whitelist will not be used and all origins will be accepted
Default:
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST
Specify a list of origin hostnames that are authorized to make a cross-site HTTP request
Example:
CORS_ORIGIN_WHITELIST = (
'google.com',
'hostname.example.com'
)
Default:
CORS_ORIGIN_WHITELIST = ()
CORS_ORIGIN_REGEX_WHITELIST
Specify a regex list of origin hostnames that are authorized to make a cross-site HTTP request; Useful when you have a large amount of subdomains for instance.
Example:
CORS_ORIGIN_REGEX_WHITELIST = ('^(https?://)?(\w+\.)?google\.com$', )
Default:
CORS_ORIGIN_REGEX_WHITELIST = ()
You may optionally specify these options in settings.py to override the defaults. Defaults are shown below:
CORS_URLS_REGEX
Specify a URL regex for which to enable the sending of CORS headers; Useful when you only want to enable CORS for specific URLs, e. g. for a REST API under /api/.
Example:
CORS_URLS_REGEX = r'^/api/.*$'
Default:
CORS_URLS_REGEX = '^.*$'
CORS_ALLOW_METHODS
Specify the allowed HTTP methods that can be used when making the actual request
Default:
CORS_ALLOW_METHODS = (
'GET',
'POST',
'PUT',
'PATCH',
'DELETE',
'OPTIONS'
)
CORS_ALLOW_HEADERS
Specify which non-standard HTTP headers can be used when making the actual request
Default:
CORS_ALLOW_HEADERS = (
'x-requested-with',
'content-type',
'accept',
'origin',
'authorization',
'x-csrftoken'
)
CORS_EXPOSE_HEADERS
Specify which HTTP headers are to be exposed to the browser
Default:
CORS_EXPOSE_HEADERS = ()
CORS_PREFLIGHT_MAX_AGE
Specify the number of seconds a client/browser can cache the preflight response
Note: A preflight request is an extra request that is made when making a “not-so-simple” request (eg. content-type is not application/x-www-form-urlencoded) to determine what requests the server actually accepts. Read more about it here: http://www.html5rocks.com/en/tutorials/cors/
Default:
CORS_PREFLIGHT_MAX_AGE = 86400
CORS_ALLOW_CREDENTIALS
Specify whether or not cookies are allowed to be included in cross-site HTTP requests (CORS).
Default:
CORS_ALLOW_CREDENTIALS = False
CORS_REPLACE_HTTPS_REFERER
Specify whether to replace the HTTP_REFERER header if CORS checks pass so that CSRF django middleware checks will work with https
Note: With this feature enabled, you also need to add the corsheaders.middleware.CorsPostCsrfMiddleware after django.middleware.csrf.CsrfViewMiddleware to undo the header replacement
Default:
CORS_REPLACE_HTTPS_REFERER = False
CORS_URLS_ALLOW_ALL_REGEX
Specify a list of URL regex for which to allow all origins
Example:
CORS_URLS_ALLOW_ALL_REGEX = (r'^/api/users$', )
Default:
CORS_URLS_ALLOW_ALL_REGEX = ()
Contributing to PyPI
- Bugs & feedback
- Contribute on GitHub
- Development credits
Using PyPI
- Code of conduct
- Security policy
- Privacy policy
- Terms of use
Developed and maintained by the Python community, for the Python community.
Donate today!
© 2018 Python Software Foundation
ElasticSearch
PingdomMonitoring
GoogleBigQuery
SentryError logging
CloudAMQPRabbitMQ
AWSCloud computing
DataDogMonitoring
FastlyCDN
DigiCertEV certificate
StatusPageStatus pageDJango跨域中间键的更多相关文章
- Django跨域请求之JSONP和CORS
现在来新建一个Django项目server01,url配置为 url(r'^getData.html$',views.get_data) 其对应的视图函数为get_data: from django. ...
- Django跨域问题(CORS错误)
Django跨域问题(CORS错误) 一.出现跨域问题(cors错误)的原因 通常情况下,A网页访问B服务器资源时,不满足以下三个条件其一就是跨域访问 协议不同 端口不同 主机不同 二.Django解 ...
- Django跨域、cookie、session
前后台分离开发 1.前台页面运行在前台服务器上,负责页面的渲染(静态文件的加载)与跳转 2.后台代码运行在后台服务器上,负责数据的处理(提供数据请求的接口) 跨域 什么是跨域? 通常情况下,A网页访问 ...
- Django跨域(前端跨域)
前情回顾 在说今天的问题之前先来回顾一下有关Ajax的相关内容 Ajax的优缺点 AJAX使用Javascript技术向服务器发送异步请求: AJAX无须刷新整个页面: 因为服务器响应内容不再是整个页 ...
- Django跨域问题
相关博客地址 同源策略与Jsonp 同源策略 同源策略(Same origin policy)是一种约定,它是浏览器最核心也最基本的安全功能,如果缺少了同源策略,则浏览器的正常功能可能都会受到影响.可 ...
- Django 跨域请求处理
参考https://blog.csdn.net/qq_27068845/article/details/73007155 http://blog.51cto.com/aaronsa/2071108 d ...
- Django—跨域请求(jsonp)
同源策略 如果两个页面的协议,端口(如果有指定)和域名都相同,则两个页面具有相同的源. 示例:两个Django demo demo1 url.py url(r'^demo1/',demo1), vie ...
- Django跨域请求
一.jsonp方式 同源策略会阻止ajaxa请求,但不阻止src. jsonp方式其实是利用了<script>标签可以直接跨域的性质,在body中生成一个<script>标签, ...
- Django 跨域请求
跨域:通过js或python在不同的域之间进行数据传输或通信,比如用ajax向一个不同的域请求数据,或者通过js获取页面中不同域的框架中(Django)的数据.只要协议.域名.端口有任何一个不同,都被 ...
随机推荐
- 常用HTML富文本编辑器
常用的HTML富文本编译器UEditor.CKEditor.TinyMCE.HTMLArea.eWebEditor.KindEditor简介 这篇文章主要介绍了常用的HTML富文本编译器UEdit ...
- 笨办法学Python(二十一)
习题 21: 函数可以返回东西 你已经学过使用 = 给变量命名,以及将变量定义为某个数字或者字符串.接下来我们将让你见证更多奇迹.我们要演示给你的是如何使用 = 以及一个新的 Python 词汇ret ...
- leetcode 141、Linked list cycle
一种方法是用set存储出现过的指针,重复出现时就是有环: class Solution { public: bool hasCycle(ListNode *head) { set<ListNod ...
- MySQL数据库实验四:嵌套查询
实验四 嵌套查询 一.实验目的 掌握SELECT语句的嵌套使用,实现表的复杂查询,进一步理解SELECT语句的高级使用方法. 二.实验环境 三.实验示例 1. 查询与“刘晨”在同一 ...
- Kruskal算法求最小生成树
Kruskal算法是根据权来筛选节点,也是采用贪心算法. /// Kruskal ///初始化每个节点为独立的点,他的祖先为自己本身 void made(int n) { ; i<=n; i++ ...
- ios相关配置
Deployment Target,它控制着运行应用需要的最低操作系统版本.
- Python2.x 和 3.x 的区别
Python有两个版本,2.x 和 3.x ,两个版本不兼容,3.x 不不考虑对2.x代码的向后兼容. 在3.x中,一些语法,内建函数和对象的行为都有所调整. 大部分的python库都支持 pytho ...
- MBProgressHUD 优雅地去提示
项目主页: MBProgressHUD 实例下载: 点击下载 快速上手: 当执行需要较长时间的任务时,使用MBProgressHUD最重要的一点是: 保证主线程是空闲的,这样可以使UI实时更新.因此: ...
- react中实现原生enter/回车事件及antdesign组件实现方式
先直接上核心代码: this.goToHomePage换成自己逻辑 自己写的时候直接把this.goToHmoPage()换成自己的逻辑就行了,还有注意一点的是: 需要传个空函数,不然会报错 在com ...
- 【赛时总结】 ◇赛时·I◇ AtCoder ARC-098
◆赛时I◆ ARC-098 ■试题&解析■ ◆本场最水◆ C-Attention 长点儿信心吧-- [AtCoder ARC-098 C] [解析] 既然只存在左右(东西)两个朝向,那么领导右 ...