Skip to main content

 
Search PyPISearch

django-cors-middleware 1.3.1

pip install django-cors-middleware==1.3.1Copy PIP instructions

Latest version

Last released: Aug 20, 2016

django-cors-middleware is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS). Fork of django-cors-headers.

 

Project links

Homepage

Statistics

View statistics for this project via Libraries.io, or by using Google BigQuery

Meta

License: MIT License (MIT License)

Author: Zeste de Savoir

Tags:django, cors, middleware, rest,api

Maintainers

gustavi

Project description

 

django-cors-middleware

A Django App that adds CORS (Cross-Origin Resource Sharing) headers to responses.

Although JSON-P is useful, it is strictly limited to GET requests. CORS builds on top of XmlHttpRequest to allow developers to make cross-domain requests, similar to same-domain requests. Read more about it here:http://www.html5rocks.com/en/tutorials/cors/

This is a fork of https://github.com/ottoyiu/django-cors-headers/ because of inactivity.

Supported versions of Python and Django :

  Py 2.7 Py 3.3 Py 3.4 Py 3.5
Django 1.8 YES YES YES YES
Django 1.9 YES   YES YES
Django 1.10 YES   YES YES

Setup

Install by downloading the source and running:

python setup.py install

or

pip install django-cors-middleware

and then add it to your installed apps:

INSTALLED_APPS = (

    ...

    'corsheaders',

    ...

)

You will also need to add a middleware class to listen in on responses:

# Use `MIDDLEWARE_CLASSES` prior to Django 1.10

MIDDLEWARE = [

    ...

    'corsheaders.middleware.CorsMiddleware',

    'django.middleware.common.CommonMiddleware',

    ...

]

Note that CorsMiddleware needs to come before Django’s CommonMiddleware if you are using Django’s USE_ETAGS = True setting, otherwise the CORS headers will be lost from the 304 not-modified responses, causing errors in some browsers.

Signals

If you have a use-case that requires running Python code to check if a site exists, we provide a Django signal that covers this. We have a check_request_enabled signal that provides the request. Here is an example configuration:

from corsheaders import signals

from .models import Site

def handler(sender, request, **kwargs):

    for site in Site.objects.all():

        if request.host in site.domain:

            return True

    return False

signals.check_request_enabled.connect(handler)

If the signal returns True, then the request will have headers added to it.

Configuration

Add hosts that are allowed to do cross-site requests to CORS_ORIGIN_WHITELIST or set CORS_ORIGIN_ALLOW_ALL to True to allow all hosts.

CORS_ORIGIN_ALLOW_ALL

If True, the whitelist will not be used and all origins will be accepted

Default:

CORS_ORIGIN_ALLOW_ALL = False

CORS_ORIGIN_WHITELIST

Specify a list of origin hostnames that are authorized to make a cross-site HTTP request

Example:

CORS_ORIGIN_WHITELIST = (

    'google.com',

    'hostname.example.com'

)

Default:

CORS_ORIGIN_WHITELIST = ()

CORS_ORIGIN_REGEX_WHITELIST

Specify a regex list of origin hostnames that are authorized to make a cross-site HTTP request; Useful when you have a large amount of subdomains for instance.

Example:

CORS_ORIGIN_REGEX_WHITELIST = ('^(https?://)?(\w+\.)?google\.com$', )

Default:

CORS_ORIGIN_REGEX_WHITELIST = ()

You may optionally specify these options in settings.py to override the defaults. Defaults are shown below:

CORS_URLS_REGEX

Specify a URL regex for which to enable the sending of CORS headers; Useful when you only want to enable CORS for specific URLs, e. g. for a REST API under /api/.

Example:

CORS_URLS_REGEX = r'^/api/.*$'

Default:

CORS_URLS_REGEX = '^.*$'

CORS_ALLOW_METHODS

Specify the allowed HTTP methods that can be used when making the actual request

Default:

CORS_ALLOW_METHODS = (

    'GET',

    'POST',

    'PUT',

    'PATCH',

    'DELETE',

    'OPTIONS'

)

CORS_ALLOW_HEADERS

Specify which non-standard HTTP headers can be used when making the actual request

Default:

CORS_ALLOW_HEADERS = (

    'x-requested-with',

    'content-type',

    'accept',

    'origin',

    'authorization',

    'x-csrftoken'

)

CORS_EXPOSE_HEADERS

Specify which HTTP headers are to be exposed to the browser

Default:

CORS_EXPOSE_HEADERS = ()

CORS_PREFLIGHT_MAX_AGE

Specify the number of seconds a client/browser can cache the preflight response

Note: A preflight request is an extra request that is made when making a “not-so-simple” request (eg. content-type is not application/x-www-form-urlencoded) to determine what requests the server actually accepts. Read more about it here: http://www.html5rocks.com/en/tutorials/cors/

Default:

CORS_PREFLIGHT_MAX_AGE = 86400

CORS_ALLOW_CREDENTIALS

Specify whether or not cookies are allowed to be included in cross-site HTTP requests (CORS).

Default:

CORS_ALLOW_CREDENTIALS = False

CORS_REPLACE_HTTPS_REFERER

Specify whether to replace the HTTP_REFERER header if CORS checks pass so that CSRF django middleware checks will work with https

Note: With this feature enabled, you also need to add the corsheaders.middleware.CorsPostCsrfMiddleware after django.middleware.csrf.CsrfViewMiddleware to undo the header replacement

Default:

CORS_REPLACE_HTTPS_REFERER = False

CORS_URLS_ALLOW_ALL_REGEX

Specify a list of URL regex for which to allow all origins

Example:

CORS_URLS_ALLOW_ALL_REGEX = (r'^/api/users$', )

Default:

CORS_URLS_ALLOW_ALL_REGEX = ()

Developed and maintained by the Python community, for the Python community. 
Donate today!

© 2018 Python Software Foundation

DJango跨域中间键的更多相关文章

  1. Django跨域请求之JSONP和CORS

    现在来新建一个Django项目server01,url配置为 url(r'^getData.html$',views.get_data) 其对应的视图函数为get_data: from django. ...

  2. Django跨域问题(CORS错误)

    Django跨域问题(CORS错误) 一.出现跨域问题(cors错误)的原因 通常情况下,A网页访问B服务器资源时,不满足以下三个条件其一就是跨域访问 协议不同 端口不同 主机不同 二.Django解 ...

  3. Django跨域、cookie、session

    前后台分离开发 1.前台页面运行在前台服务器上,负责页面的渲染(静态文件的加载)与跳转 2.后台代码运行在后台服务器上,负责数据的处理(提供数据请求的接口) 跨域 什么是跨域? 通常情况下,A网页访问 ...

  4. Django跨域(前端跨域)

    前情回顾 在说今天的问题之前先来回顾一下有关Ajax的相关内容 Ajax的优缺点 AJAX使用Javascript技术向服务器发送异步请求: AJAX无须刷新整个页面: 因为服务器响应内容不再是整个页 ...

  5. Django跨域问题

    相关博客地址 同源策略与Jsonp 同源策略 同源策略(Same origin policy)是一种约定,它是浏览器最核心也最基本的安全功能,如果缺少了同源策略,则浏览器的正常功能可能都会受到影响.可 ...

  6. Django 跨域请求处理

    参考https://blog.csdn.net/qq_27068845/article/details/73007155 http://blog.51cto.com/aaronsa/2071108 d ...

  7. Django—跨域请求(jsonp)

    同源策略 如果两个页面的协议,端口(如果有指定)和域名都相同,则两个页面具有相同的源. 示例:两个Django demo demo1 url.py url(r'^demo1/',demo1), vie ...

  8. Django跨域请求

    一.jsonp方式 同源策略会阻止ajaxa请求,但不阻止src. jsonp方式其实是利用了<script>标签可以直接跨域的性质,在body中生成一个<script>标签, ...

  9. Django 跨域请求

    跨域:通过js或python在不同的域之间进行数据传输或通信,比如用ajax向一个不同的域请求数据,或者通过js获取页面中不同域的框架中(Django)的数据.只要协议.域名.端口有任何一个不同,都被 ...

随机推荐

  1. ansible使用2-命令

    并发与shell # bruce用户身份,-m指定模块名称,默认模块名command,all所有目标主机,也可以指定组名或者主机名 ansible all -m ping -u bruce # bru ...

  2. jmeter之HTTP信息头管理器

    信息头管理器作用: HTTP信息头管理器在Jmeter的使用过程中起着很重要的作用,通常我们在通过Jmeter向服务器发送http请求(get或者post)的时候,往往后端需要一些验证信息,比如说we ...

  3. 笨办法学Python(七)

    习题 7: 更多打印 现在我们将做一批练习,在练习的过程中你需要键入代码,并且让它们运行起来.我不会解释太多,因为这节的内容都是以前熟悉过的.这节练习的目的是巩固你学到的东西.我们几个练习后再见.不要 ...

  4. Firefox浏览器 页面滑动卡帧问题

    在设置里关闭"平滑滚动"选项即可,猎豹似乎没有,遭黑

  5. c#winform初学习

    不用思维导图了直接拍照笔记吧..参考视频:传智播客.net第十四天,参考图书c#图解教程第四版(人民邮电出版社) 对对象初始化赋值 工具箱中的每一个控件都相当于一个类 在窗体中拖一个控件就相当于new ...

  6. c#中的 MessageBox 弹出提示框的用法

    MessageBox.Show(<字符串str> Text, <字符串str> Title, <整型int> nType,MessageBoxIcon); 例:Me ...

  7. [转] JAVA中读取网络中的图片资源导入到EXCEL中

    需求 导出人员的信息并且加上人员的照片至EXCEL中 完整的代码 //创建一个表格 HSSFWorkbook wb = new HSSFWorkbook(); HSSFSheet sheet = wb ...

  8. 项目部署到自己的IIS上

    一般我们只能在本机上才可以开到我们的项目,这个是不需要连网的 如果想让我们的项目在网站中打开,别人也可以看到,就需要把我们的项目部署到服务器上了,输入IP就可以看到我们的项目 发布项目 然后发布网站 ...

  9. 基于java开发的开源代码GPS北斗位置服务监控平台

    最近在研究位置服务平台,基于全球卫星定位技术(GNSS).互联网技术.空间地理信息技术(GIS).3G/4G无线通信技术,面向全国公众用户建立大容量.实时.稳定的位置信息服务运营平台.实现管理目标的实 ...

  10. jquery 操作ajax 相关方法

    jQuery.get() 使用一个HTTP GET 请求从服务器加载数据. jQuery.get(url [,data] [,success(data,textStatus,jqXHR)] [dtaT ...