使用中間件解決跨域問題
中間件.py:
from django.utils.deprecation import MiddlewareMixin
class CorsMiddle(MiddlewareMixin):
def process_response(self, request, response):
response['Access-Control-Allow-Origin'] = '*'
if request.method == 'OPTIONS':
response['Access-Control-Allow-Headers'] = 'Content-Type'
response['Access-Control-Allow-Methods'] = 'PUT,DELETE'
return response
from rest_framework.views import APIView
from rest_framework.views import Response
class TestView(APIView):
def get(self, request):
return Response('跨域測試')
def post(self, request):
return Response('post接口測試')
def put(self,request):
return Response('put請求測試')
....(還有個delete請求就省略了,跟put請求一樣的)
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'middle.CorsMiddle', # 添加中間件
]
總結:
針對跨域請求,其實本質上是瀏覽器對返回的結果response的攔截
最好的解決辦法就是在後端返回結果response時做數據處理,讓瀏覽器不攔截
方法二:
pip install django-cors-headers
INSTALLED_APPS = [
.......
'corsheaders',
]
MIDDLEWARE = [
.......
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
........
]
LANGUAGE_CODE = 'zh-Hans'
TIME_ZONE = 'Asia/Shanghai'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# 添加在最下面
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
CORS_ORIGIN_WHITELIST = (
#白名單 '127.0.0.1:8020'
'*',
)
CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
'VIEW',
)
CORS_ALLOW_HEADERS = (
'XMLHttpRequest',
'X_FILENAME',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
'Pragma',
)