安装
pip install django-cors-headers
注册应用
INSTALLED_APPS = ( ... 'corsheaders', ... )
中间层设置
MIDDLEWARE = [ ... 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', ... ]
添加白名单
# CORS 设置跨域域名 CORS_ORIGIN_WHITELIST = ( '127.0.0.1:8080', 'localhost:8080', 'www.xxxx.com:8080', 'api.xxxx.com:8000' )
CORS_ALLOW_CREDENTIALS = True # 允许携带cookie
ALLOWED_HOSTS = ['www.xxxx.com:8080','api.xxxx.com:8000','127.0.0.1']
# 前端需要携带cookies访问后端时,需要设置
withCredentials: true
设置允许访问的方法( 已测,没用 )
CORS_ALLOW_METHODS = ( 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS' )
设置允许的header:(未测)
CORS_ALLOW_HEADERS = ( 'x-requested-with', 'content-type', 'accept', 'origin', 'authorization', 'x-csrftoken' )
安装
pip install django-cors-headers
注册
1 INSTALLED_APPS = ( 2 'corsheaders', 3 )
添加中间件
1 MIDDLEWARE = [ 2 'django.middleware.security.SecurityMiddleware', 3 'django.contrib.sessions.middleware.SessionMiddleware', 4 'django.middleware.csrf.CsrfViewMiddleware', 5 'django.contrib.auth.middleware.AuthenticationMiddleware', 6 'django.contrib.messages.middleware.MessageMiddleware', 7 'django.middleware.clickjacking.XFrameOptionsMiddleware', 8 'corsheaders.middleware.CorsMiddleware', # 按顺序 9 'django.middleware.common.CommonMiddleware', # 按顺序 10 ]
CorsMiddleware应该放置得尽可能高,特别是在可以产生响应的任何中间件之前, 如Django CommonMiddleware或Whitenoise WhiteNoiseMiddleware。 如果以前没有,则无法将CORS头添加到这些响应中。
配置白名单
1 CORS_ALLOW_CREDENTIALS = True#允许携带cookie 2 CORS_ORIGIN_ALLOW_ALL = True 3 CORS_ORIGIN_WHITELIST = ( '*')#跨域增加忽略 4 CORS_ALLOW_METHODS = ( 'DELETE', 'GET', 'OPTIONS', 'PATCH', 'POST', 'PUT', 'VIEW', ) 5 #允许的请求头 6 CORS_ALLOW_HEADERS = ( 7 'XMLHttpRequest', 8 'X_FILENAME', 9 'accept-encoding', 10 'authorization', 11 'content-type', 12 'dnt', 13 'origin', 14 'user-agent', 15 'x-csrftoken', 16 'x-requested-with', 17 'Pragma', 18 )
前端项目设置请求头记得添加到CORS_ALLOW_HEADERS