Django-伺服器端物件-跨域請求
阿新 • • 發佈:2018-11-02
Django-伺服器端物件-跨域請求
-
在介面函式中配置
from django.http import HttpResponse,response,JsonResponse def login(request): todo_list = [ {"id": "1", "content": "吃飯"}, {"id": "2", "content": "吃飯"}, ] response = JsonResponse(todo_list, safe=False) response["Access-Control-Allow-Origin"] = "*" response["Access-Control-Allow-Methods"] = "POST, GET, OPTIONS" response["Access-Control-Max-Age"] = "1000" response["Access-Control-Allow-Headers"] = "*" return response
-
安裝CORS
pip install django-cors-headers
-
新增app
INSTALLED_APPS = ( ... 'corsheaders', ... )
-
新增中介軟體
MIDDLEWARE = [ # Or MIDDLEWARE_CLASSES on Django < 1.10 ... 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', ... ]
-
配置允許跨站訪問本站
-
配置允許跨站訪問本站的地址
CORS_ORIGIN_ALLOW_ALL = False CORS_ORIGIN_WHITELIST = ( 'localhost:63343', ) # 預設值是全部: CORS_ORIGIN_WHITELIST = () # 或者定義允許的匹配路徑正則表示式. CORS_ORIGIN_REGEX_WHITELIST = ('^(https?://)?(\w+.)?>google.com$', ) # 預設值: CORS_ORIGIN_REGEX_WHITELIST = ()
-
設定允許訪問的方法
CORS_ALLOW_METHODS = ( 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS' )
-
設定允許的header:
預設值: CORS_ALLOW_HEADERS = ( 'x-requested-with', 'content-type', 'accept', 'origin', 'authorization', 'x-csrftoken' )
-