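# 8. csrf
class Cors(MiddlewareMixin):
    """Attach CORS response headers for the origins configured in settings.

    Reads ``settings.CORS_ORIGIN_LIST``, ``settings.CORS_METHOD_LIST`` and
    ``settings.CORS_HEADER_LIST``.

    ``Access-Control-Allow-Origin`` carries exactly one origin (or ``*``);
    browsers reject a comma-separated list. The request's ``Origin`` is
    therefore echoed back only when it is an exact member of
    ``CORS_ORIGIN_LIST``. Keep that list to explicit scheme://host[:port]
    entries; an entry such as ``'null'`` would match sandboxed documents
    and should not be listed when credentials are enabled.
    """

    @staticmethod
    def _vary_on_origin(response):
        """Add ``Origin`` to the ``Vary`` header unless it is already covered."""
        current = [v.strip() for v in response.get('Vary', '').split(',') if v.strip()]
        if '*' in current or any(v.lower() == 'origin' for v in current):
            return
        current.append('Origin')
        response['Vary'] = ', '.join(current)

    def process_response(self, request, response):
        """Set the CORS headers on ``response`` and return it.

        Args:
            request: the incoming Django request; its ``Origin`` header and
                HTTP method are inspected.
            response: the outgoing Django response, modified in place.

        Returns:
            The same ``response`` object.
        """
        origin = request.META.get('HTTP_ORIGIN')
        allowed = settings.CORS_ORIGIN_LIST

        if '*' in allowed:
            # Wildcard configuration: a public, credential-less policy.
            # When Access-Control-Allow-Credentials is 'true' the value of
            # Access-Control-Allow-Origin cannot be '*', so credentials are
            # not advertised here, and the Origin is deliberately NOT
            # reflected (that would grant every site credentialed access).
            allow_origin, with_credentials = '*', False
        else:
            # The headers below depend on the request's Origin, so shared
            # caches must not reuse this response for a different origin.
            self._vary_on_origin(response)
            if origin not in allowed:
                # Missing or unlisted origin: emit no CORS headers at all.
                return response
            # Exact-match comparison only; no prefix/suffix/regex matching.
            allow_origin, with_credentials = origin, True

        response['Access-Control-Allow-Origin'] = allow_origin
        if with_credentials:
            # Corresponds to xhrFields: { withCredentials: true } in the
            # browser. Sent on actual responses as well as preflights,
            # because the browser checks it on both.
            response['Access-Control-Allow-Credentials'] = 'true'

        if request.method == 'OPTIONS':
            # Preflight-only headers.
            response['Access-Control-Allow-Methods'] = ','.join(settings.CORS_METHOD_LIST)
            response['Access-Control-Allow-Headers'] = ','.join(settings.CORS_HEADER_LIST)
        return response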