Who want to use django framework to achieve separation of the front and rear end, the primary issue is to solve the problem of cross-domain requests, what is the cross-domain requests? Simply the domain of the current domain request initiated by the request is directed to the resource is located inconsistent. When the protocol + domain + port number are the same, then that is the same domain.
Cross-domain issues
Error message:
solution
1.JSONP, primitive method, essentially without the use of some of html tags origin policy influence, for example: <a>, <img>, <iframe>, <script> and the like, in order to achieve cross-domain request, However, this method only supports GET request method.
2.CORS, Cross-Origin Resource Sharing, a new W3C standard, a set of HTTP header fields, it added, allowing the server to declare which the source station has access to what resources, in other words, it allows the browser to declare CORS Cross-domain server sends XML HttpRequest request, so customer service can only limit Ajax homologous use. In django framework to solve the problem is to use CORS cross-domain requests.
1. Installation: . 1 PIP-CORS-headers the install Django
2. Modify django project settings.py
. 1 the INSTALLED_APPS = [ 2 ' django.contrib.admin ' , . 3 ' django.contrib.auth ' , . 4 ' django.contrib.contenttypes ' , . 5 ' django.contrib.sessions ' , . 6 ' django.contrib.messages ' , . 7 ' django.contrib.staticfiles ' , 8 ' corsheaders ' , # this is our protagonist, before other items on the new 9 ' app01 ' , 10 ] 11 MIDDLEWARE = [ 12 'django.middleware.security.SecurityMiddleware', 13 'django.contrib.sessions.middleware.SessionMiddleware', 14 'corsheaders.middleware.CorsMiddleware', #注意顺序,必须放在这儿 15 'django.middleware.common.CommonMiddleware', 16 'django.middleware.csrf.CsrfViewMiddleware', 17 'django.contrib.auth.middleware.AuthenticationMiddleware', 18 'django.contrib.messages.middleware.MessageMiddleware', 19 'django.middleware.clickjacking.XFrameOptionsMiddleware', 20 ] 21 22 23 24 CORS_ALLOW_CREDENTIALS = True 25 26 CORS_ORIGIN_ALLOW_ALL = True 27 28 # 允许所有的请求头 29 30 CORS_ALLOW_HEADERS = (' * ')
. 1 the INSTALLED_APPS = [ 2 ... . 3 ' corsheaders ' , . 4 ... . 5 ] . 6 . 7 the MIDDLEWARE_CLASSES = ( . 8 ... . 9 ' corsheaders.middleware.CorsMiddleware ' , 10 ' django.middleware.common.CommonMiddleware ' , # note order of 11 ... 12 ) 13 # cross-domain increases drop 14 CORS_ALLOW_CREDENTIALS = True 15 CORS_ORIGIN_ALLOW_ALL = True 16 CORS_ORIGIN_WHITELIST = ( 17 '*' 18 ) 19 20 CORS_ALLOW_METHODS = ( 21 'DELETE', 22 'GET', 23 'OPTIONS', 24 'PATCH', 25 'POST', 26 'PUT', 27 'VIEW', 28 ) 29 30 CORS_ALLOW_HEADERS = ( 31 'XMLHttpRequest', 32 'X_FILENAME', 33 'accept-encoding', 34 'authorization', 35 'content-type', 36 'dnt', 37 'origin', 38 'user-agent', 39 'x-csrftoken', 40 'x-requested-with', 41 ' Pragma ' , 42 )
Other solutions
1 When using Ajax get json data, cross-domain restrictions. However, the call js script on a Web page script file Shique not affect cross-domain, JSONP is to use this to achieve cross-domain transmission. Therefore, we need to call the dataType from Ajax JSON instead JSONP (corresponding API also need to support JSONP) format. 2 JSONP can only be used GET request.
2.response middleware API is provided in or views.py
3. Middleware Solution
Create a file in the app, in which write the following code:
Then register custom middleware in the settings.py:
