使用中间件解决跨域问题
中间件.py:
from django.utils.deprecation import MiddlewareMixin
class CorsMiddle(MiddlewareMixin):
def process_response(self, request, response):
response['Access-Control-Allow-Origin'] = '*'
if request.method == 'OPTIONS':
response['Access-Control-Allow-Headers'] = 'Content-Type'
response['Access-Control-Allow-Methods'] = 'PUT,DELETE'
return response
from rest_framework.views import APIView
from rest_framework.views import Response
class TestView(APIView):
def get(self, request):
return Response('跨域测试')
def post(self, request):
return Response('post接口测试')
def put(self,request):
return Response('put请求测试')
....(还有个delete请求就省略了,跟put请求一样的)
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'middle.CorsMiddle', # 添加中间件
]
总结:
针对跨域请求,其实本质上是浏览器对返回的结果response的拦截
最好的解决办法就是在后端返回结果response时做数据处理,让浏览器不拦截
方法二:
pip install django-cors-headers
INSTALLED_APPS = [
.......
'corsheaders',
]
MIDDLEWARE = [
.......
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
........
]
LANGUAGE_CODE = 'zh-Hans'
TIME_ZONE = 'Asia/Shanghai'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# 添加在最下面
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
CORS_ORIGIN_WHITELIST = (
#白名单 '127.0.0.1:8020'
'*',
)
CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
'VIEW',
)
CORS_ALLOW_HEADERS = (
'XMLHttpRequest',
'X_FILENAME',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
'Pragma',
)