csrf

    
            8. csrf
                
                class Cors(MiddlewareMixin):
                    def process_response(self, request, response):
                        response['Access-Control-Allow-Origin'] = ','.join(settings.CORS_ORIGIN_LIST)
                        if request.method == 'OPTIONS':
                            response['Access-Control-Allow-Methods'] =  ','.join(settings.CORS_METHOD_LIST)
                            response['Access-Control-Allow-Headers'] = ','.join(settings.CORS_HEADER_LIST)
                            response['Access-Control-Allow-Credentials'] = 'true'
                            # 对应浏览器中    xhrFields: {   withCredentials: true}
                            # 需要注意的是：服务器端 Access-Control-Allow-Credentials = true时，参数Access-Control-Allow-Origin 的值不能为 '*' 。

                        return response