ronin47

浏览: 997763 次
性别:
来自: 上海

最近访客更多访客>>

Sun_kiss

oszerone

hc_face

u012363178

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

django csrf token跨站请求

博客分类：

python&nodejs

django csrf

html部分：



<script>
$(document).ready(function(){
       $("button").click(function(){
         $.ajax({
             url: 'http://127.0.0.1:8000/',
type:'get',
dataType: 'json',
beforeSend: function(xhr) { xhr.setRequestHeader('Authorization','TOKEN ' + 'x048b18739ca6c46f8365c258f5'); },
success: function(data, status) {
               return console.log(data);
}
         });

});
});
</script>

django 安装

django-cors-headers


settings.py 配置

Install by downloading the source and running:

python setup.py install

pip install django-cors-headers

and then add it to your installed apps:

INSTALLED_APPS = (
    ...
    'corsheaders',
    ...
)

You will also need to add a middleware class to listen in on responses:

MIDDLEWARE_CLASSES = (
    ...
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
)

Note that CorsMiddleware needs to come before Django's CommonMiddleware if you are using Django's USE_ETAGS = True setting, otherwise the CORS headers will be lost from the 304 not-modified responses, causing errors in some browsers.

Configuration

Add hosts that are allowed to do cross-site requests to CORS_ORIGIN_WHITELIST or set CORS_ORIGIN_ALLOW_ALL to Trueto allow all hosts.

CORS_ORIGIN_ALLOW_ALL: if True, the whitelist will not be used and all origins will be accepted

Default:

    CORS_ORIGIN_ALLOW_ALL = False

CORS_ORIGIN_WHITELIST: specify a list of origin hostnames that are authorized to make a cross-site HTTP request

Example:

    CORS_ORIGIN_WHITELIST = (
        'google.com',
        'hostname.example.com'
    )


Default:

    CORS_ORIGIN_WHITELIST = ()

CORS_ORIGIN_REGEX_WHITELIST: specify a regex list of origin hostnames that are authorized to make a cross-site HTTP request; Useful when you have a large amount of subdomains for instance.

Example:

    CORS_ORIGIN_REGEX_WHITELIST = ('^(https?://)?(\w+\.)?google\.com$', )


Default:

    CORS_ORIGIN_REGEX_WHITELIST = ()

You may optionally specify these options in settings.py to override the defaults. Defaults are shown below:

CORS_URLS_REGEX: specify a URL regex for which to enable the sending of CORS headers; Useful when you only want to enable CORS for specific URLs, e. g. for a REST API under /api/.

Example:

    CORS_URLS_REGEX = r'^/api/.*$'

Default:

    CORS_URLS_REGEX = '^.*$'

CORS_ALLOW_METHODS: specify the allowed HTTP methods that can be used when making the actual request

Default:

    CORS_ALLOW_METHODS = (
        'GET',
        'POST',
        'PUT',
        'PATCH',
        'DELETE',
        'OPTIONS'
    )

CORS_ALLOW_HEADERS: specify which non-standard HTTP headers can be used when making the actual request

Default:

    CORS_ALLOW_HEADERS = (
        'x-requested-with',
        'content-type',
        'accept',
        'origin',
        'authorization',
        'x-csrftoken'
    )

CORS_EXPOSE_HEADERS: specify which HTTP headers are to be exposed to the browser

Default:

    CORS_EXPOSE_HEADERS = ()

CORS_PREFLIGHT_MAX_AGE: specify the number of seconds a client/browser can cache the preflight response

Note: A preflight request is an extra request that is made when making a "not-so-simple" request (eg. content-type is not application/x-www-form-urlencoded) to determine what requests the server actually accepts. Read more about it here: [http://www.html5rocks.com/en/tutorials/cors/](http://www.html5rocks.com/en/tutorials/cors/)

Default:

    CORS_PREFLIGHT_MAX_AGE = 86400

CORS_ALLOW_CREDENTIALS: specify whether or not cookies are allowed to be included in cross-site HTTP requests (CORS).

Default:

    CORS_ALLOW_CREDENTIALS = False

CORS_REPLACE_HTTPS_REFERER: specify whether to replace the HTTP_REFERER header if CORS checks pass so that CSRF django middleware checks will work with https

Note: With this feature enabled, you also need to add the corsheaders.middleware.CorsPostCsrfMiddleware after django.middleware.csrf.CsrfViewMiddleware to undo the header replacement

Default:

    CORS_REPLACE_HTTPS_REFERER = False

分享到：

Jquery文字一行一行向上滚动 | 前后端数据交互方法

2016-07-28 11:26
浏览 865
评论(0)
分类:编程语言
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

django csrf token跨站请求

django-cors-headers

Configuration

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

django csrf token跨站请求

django-cors-headers

Configuration

评论

发表评论

相关推荐

python 类装饰器的四种场景写法

python logging 重复写日志问题

CSS 黑魔法小技巧，让你少写不必要的JS，代码更优雅

Redis 数据类型及应用场景

数据可视化的开源方案: Superset vs Redash vs Metabase

Nginx 限制单个IP的并发连接数/速度来减缓垃圾蜘蛛爬虫采集

docker 升级到最新版

PyMongo 常见问题

Python实战mongodb第3篇: Pymongo的分页查询

SQL转 MongoDB语法速查表

Logstash由于时区导致8小时时差解决方案

Kombu 源码解析一

分布式SQL查询引擎Presto原理介绍

一行Python代码实现树结构

命令行神器 Click

django 流式大文件文件下载

filebeat to elasticsearch针对于filebeat端性能优化--性能提升230%

re必杀技正则表达式大全——包括校验数字、字符、一些特殊的需求等等

n种elasticsearch按照日期定时批量删除索引

10个Python面试常问的问题

最近访客更多访客>>