corsheaders django application of [cross-domain set]

installation

pip install django-cors-headers

Registration Application

INSTALLED_APPS = (
...
'corsheaders',
...
)

The intermediate layer is provided

MIDDLEWARE = [  
    ...
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
]

Add whitelist

# CORS set up cross-domain domain 
CORS_ORIGIN_WHITELIST = ( 
'127.0.0.1:8080', 
'localhost: 8080', 
'www.xxxx.com:8080', 
'api.xxxx.com:8000' 
) 

CORS_ALLOW_CREDENTIALS allowed cookie = True # 

aLLOWED_HOSTS = [ 'www.xxxx.com:8080','api.xxxx.com:8000','127.0.0.1'] 

# when the rear end of the front end to access cookies required to carry, to set 
withCredentials: true

A method is provided to allow access to (has been measured, useless)

CORS_ALLOW_METHODS = (
'GET',
'POST',
'PUT',
'PATCH',
'DELETE',
'OPTIONS'
)

Setting allows the header :( not determined)

CORS_ALLOW_HEADERS = (
'x-requested-with',
'content-type',
'accept',
'origin',
'authorization',
'x-csrftoken'
)

---

　　

Add Middleware

= MIDDLEWARE [ 
  'corsheaders.middleware.CorsMiddleware', is preferably added to the first row # 
]

Configuring the Whitelist

# Single configuration 
CORS_ORIGIN_WHITELIST = ( 
   'domain' 
) 
# regular configuration: 
CORS_ORIGIN_REGEX_WHITELIST = (r '^ (HTTPS:? //) (\ w + \) jim \ .com $?.?')

Or simply allow all hosts cross-domain

CORS_ORIGIN_ALLOW_ALL = True The default is False

In general, we configure these is enough, of course, the most famous of a expansion, certainly doing it perfectly, more configuration, please visit:  https://github.com/ottoyiu/django-cors-headers/