8. csrf class Cors(MiddlewareMixin): def process_response(self, request, response): response['Access-Control-Allow-Origin'] = ','.join(settings.CORS_ORIGIN_LIST) if request.method == 'OPTIONS': response['Access-Control-Allow-Methods'] = ','.join(settings.CORS_METHOD_LIST) response['Access-Control-Allow-Headers'] = ','.join(settings.CORS_HEADER_LIST) response['Access-Control-Allow-Credentials'] = 'true' # 对应浏览器中 xhrFields: { withCredentials: true} # 需要注意的是:服务器端 Access-Control-Allow-Credentials = true时,参数Access-Control-Allow-Origin 的值不能为 '*' 。 return response
csrf
猜你喜欢
转载自www.cnblogs.com/zjchao/p/8904044.html
今日推荐
周排行