
Solving the cross-domain problem with Django CORS


Django CORS cross-domain problem

Cross-domain issues arise in projects that separate the front end from the back end. They are a consequence of the same-origin policy.

The same-origin policy (SOP) is a convention that Netscape introduced into the browser in 1995. It is the browser's core and most basic security feature, and every browser that supports JavaScript now applies it. Without the same-origin policy, browsers would be vulnerable to attacks such as XSS and CSRF.

Same origin means that the protocol, domain name and port are all identical. Even if two different domains point to the same IP address, they are not same-origin.

An origin is the protocol, domain name and port number.

Protocol: http, https

Cross-domain: a request is cross-domain when the protocol, domain name or port of the URL the front end requests differs from that of the current page's URL.

Solving the cross-domain problem in Django

Method one

```python
# 1. Install the third-party library django-cors-headers
# 2. In settings.py, add 'corsheaders.middleware.CorsMiddleware'
#    between SessionMiddleware and CommonMiddleware
# 3. Add "corsheaders" to INSTALLED_APPS
INSTALLED_APPS = [
    'search.apps.SearchConfig',
    'data.apps.DataConfig',
    'record_data.apps.RecordDataConfig',
    'deleted_data.apps.DeletedDataConfig',
    'mgmt.apps.MgmtConfig',
    'c_test.apps.CTestConfig',
    'rest_framework',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'corsheaders',  # newly added
]

# 4. Add corsheaders.middleware.CorsMiddleware to the middleware list,
#    before django.middleware.common.CommonMiddleware
MIDDLEWARE = [
    # 'utils.middleware.ExceptionMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',  # newly added; must come before CommonMiddleware
    'django.middleware.common.CommonMiddleware',
    # 'django.middleware.csrf.CsrfViewMiddleware',  # commented out in the original, which disables CSRF checks
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

# 5. Add at the bottom of settings.py
CORS_ALLOW_CREDENTIALS = True  # allow cookies to be sent with cross-domain requests
# Allow every origin. While this is True the whitelist below is not consulted,
# and together with CORS_ALLOW_CREDENTIALS = True the requesting Origin is echoed
# back, so any site can make credentialed requests and read the responses.
# Outside local development, set it to False and rely on the whitelist.
CORS_ORIGIN_ALLOW_ALL = True
# Whitelist. The original had ('*'), which is a plain string rather than a tuple,
# and '*' is not an origin. Entries are full origins (scheme + host + port);
# the value below is a placeholder for the front end's origin.
CORS_ORIGIN_WHITELIST = ('http://localhost:8080',)

# CORS_ALLOW_METHODS: list of strings, the HTTP request methods that are allowed.
CORS_ALLOW_METHODS = (
    'DELETE',
    'GET',
    'OPTIONS',
    'PATCH',
    'POST',
    'PUT',
    'VIEW',
)

# CORS_ALLOW_HEADERS: list of strings, the non-standard HTTP request headers that are allowed.
CORS_ALLOW_HEADERS = (
    'accept',
    'accept-encoding',
    'authorization',
    'content-type',
    'dnt',
    'origin',
    'user-agent',
    'x-csrftoken',
    'x-requested-with',
)
```

Method two

```python
# You can also register a middleware of your own and wrap the response
# in its process_response method.
from django.utils.deprecation import MiddlewareMixin


class CorsResponseMiddleware(MiddlewareMixin):  # class name is an example
    def process_response(self, request, response):
        response["Content-Type"] = "application/json"  # content format of the response message
        response["Access-Control-Allow-Origin"] = "*"  # origins allowed to make cross-domain requests; * means all addresses
        response["Access-Control-Allow-Methods"] = "POST, GET, OPTIONS"  # methods allowed for cross-domain requests
        # Validity period of this preflight request, in seconds; during that
        # time no further preflight request needs to be sent.
        response["Access-Control-Max-Age"] = "1000"
        response["Access-Control-Allow-Headers"] = "*"
        return response
```

The cross-domain flow is:

1. The browser first sends an OPTIONS request asking whether the back end allows the cross-domain request. The back end checks whether these two domain names are in the whitelist.

2. If the domain name is in the whitelist, the response tells the browser that the cross-domain request is allowed.

3. The browser then sends the second request, a POST, carrying the user's login data to the back end, which completes login verification.
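
The back-end side of this flow, written as an added example in plain Python (it is not code from the article or from django-cors-headers): it matches the Origin header against an explicit whitelist and answers the preflight. The function name, the constants and the origins are constructed for illustration.

```python
# Added example: names and origins below are constructed, not from the article.
ALLOWED_ORIGINS = {"https://app.example.com", "http://localhost:8080"}
ALLOWED_METHODS = {"GET", "POST", "OPTIONS"}
ALLOWED_HEADERS = {"content-type", "authorization", "x-csrftoken"}


def cors_response_headers(method, request_headers, allow_credentials=True):
    """Return the CORS headers to attach to the response for one request.

    An empty dict means "no CORS headers": the browser then refuses to
    expose the response to the cross-origin page.
    """
    headers = {k.lower(): v for k, v in request_headers.items()}
    origin = headers.get("origin")
    # Exact match on scheme + host + port; no substring or suffix checks.
    if origin is None or origin not in ALLOWED_ORIGINS:
        return {}

    out = {
        # Echo the single matched origin: browsers reject "*" on requests
        # that carry credentials (cookies).
        "Access-Control-Allow-Origin": origin,
        # The response differs per Origin, so caches must key on it.
        "Vary": "Origin",
    }
    if allow_credentials:
        out["Access-Control-Allow-Credentials"] = "true"

    # Step 1 of the flow: a preflight is OPTIONS plus Access-Control-Request-Method.
    wanted_method = headers.get("access-control-request-method")
    if method == "OPTIONS" and wanted_method is not None:
        wanted_headers = {
            h.strip().lower()
            for h in headers.get("access-control-request-headers", "").split(",")
            if h.strip()
        }
        if wanted_method not in ALLOWED_METHODS or not wanted_headers <= ALLOWED_HEADERS:
            return {}  # preflight refused: the browser never sends the real request
        out["Access-Control-Allow-Methods"] = ", ".join(sorted(ALLOWED_METHODS))
        out["Access-Control-Allow-Headers"] = ", ".join(sorted(ALLOWED_HEADERS))
        out["Access-Control-Max-Age"] = "1000"
    return out
```

An origin such as https://app.example.com.evil.example gets no CORS headers here because the comparison is an exact set lookup, which is the behaviour an explicit whitelist is meant to give.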
