installation
pip install django-cors-headers
Registration Application
INSTALLED_APPS = ( ... 'corsheaders', ... )
The intermediate layer is provided
MIDDLEWARE = [ ... 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', ... ]
Add whitelist
# CORS set up cross-domain domain CORS_ORIGIN_WHITELIST = ( '127.0.0.1:8080', 'localhost: 8080', 'www.xxxx.com:8080', 'api.xxxx.com:8000' ) CORS_ALLOW_CREDENTIALS allowed cookie = True # aLLOWED_HOSTS = [ 'www.xxxx.com:8080','api.xxxx.com:8000','127.0.0.1'] # when the rear end of the front end to access cookies required to carry, to set withCredentials: true
A method is provided to allow access to (has been measured, useless)
CORS_ALLOW_METHODS = ( 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS' )
Setting allows the header :( not determined)
CORS_ALLOW_HEADERS = ( 'x-requested-with', 'content-type', 'accept', 'origin', 'authorization', 'x-csrftoken' )
Add Middleware
= MIDDLEWARE [ 'corsheaders.middleware.CorsMiddleware', is preferably added to the first row # ]
Configuring the Whitelist
# Single configuration CORS_ORIGIN_WHITELIST = ( 'domain' ) # regular configuration: CORS_ORIGIN_REGEX_WHITELIST = (r '^ (HTTPS:? //) (\ w + \) jim \ .com $?.?')
Or simply allow all hosts cross-domain
CORS_ORIGIN_ALLOW_ALL = True The default is False
In general, we configure these is enough, of course, the most famous of a expansion, certainly doing it perfectly, more configuration, please visit: https://github.com/ottoyiu/django-cors-headers/