
Cross domain overview, simple accumulation

2022-06-24 10:28:00 Right eye remnant


I. The same-origin policy

The same-origin policy is a security mechanism provided by browsers: the URL being requested must have the same origin as the URL of the page in the browser, that is, the same port, protocol and IP (host). If any one of them differs, the request is cross-origin.

For example: a request from 127.0.0.1:8000 to 127.0.0.1:8001.

When this is not handled, the browser reports an error and blocks the request.

II. CORS

CORS (Cross-Origin Resource Sharing) is supported by both browsers and servers and is used to solve cross-domain problems.
CORS has two types of requests: simple requests and non-simple requests.

  • The request method is one of HEAD, GET, POST
  • The HTTP header fields do not go beyond: Accept, Accept-Language, Content-Language, Content-Type
    A request that meets both conditions is a simple request.

Simple request: sent only once.
Non-simple request: consists of two requests. The first is an OPTIONS (preflight) request; if the preflight passes, the second request (the real data) is sent.


Cross-domain solutions:
- Simple request:
   The server sets the response header: Access-Control-Allow-Origin = 'domain name' or '*'
- Non-simple request:
   For the preflight request, the request method to allow is given by Access-Control-Request-Method and the request headers to allow by Access-Control-Request-Headers

How it works:
   When the browser detects a cross-domain request that is a simple request, it adds an Origin field to the request header, indicating which origin the request comes from. When the server receives the request, it adds Access-Control-Allow-Origin to the response header, specifying either a domain name or the wildcard.

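III. Cross-domain solutions in Django

1. Set the allow headers on the returned response

import json

from django.http import HttpResponse


# Helper wrapping the original fragment; the caller supplies access_token
def build_cors_response(access_token):
    data = {"dafd": access_token}
    response = HttpResponse(json.dumps(data))
    # Handle simple requests ("*" lets any origin read this response)
    response["Access-Control-Allow-Origin"] = "*"
    # Methods allowed in the preflight response
    response["Access-Control-Allow-Methods"] = "POST, GET"
    response["Access-Control-Max-Age"] = "1000"
    # Request headers allowed in the preflight response
    response["Access-Control-Allow-Headers"] = "*"
    return response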

2. Use django-cors-headers

django-cors-headers is a third-party dependency. Install it with pip, then modify the settings configuration file.

pip install django-cors-headers

In settings.py, add the application:

INSTALLED_APPS = [
    ...
    'corsheaders',
    ...
]

Add the middleware:

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
]

Add at the end of the file :

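# Allow cookies and other credentials on cross-domain requests
CORS_ALLOW_CREDENTIALS = True
# Allow every origin; combined with credentials this lets any site make
# authenticated requests, so prefer listing specific origins in the whitelist
CORS_ORIGIN_ALLOW_ALL = True
# Not consulted while CORS_ORIGIN_ALLOW_ALL is True
CORS_ORIGIN_WHITELIST = (
    '*',
)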
CORS_ALLOW_METHODS = (
    'DELETE',
    'GET',
    'OPTIONS',
    'PATCH',
    'POST',
    'PUT',
    'VIEW',
)

CORS_ALLOW_HEADERS = (
    'XMLHttpRequest',
    'X_FILENAME',
    'accept-encoding',
    'authorization',
    'content-type',
    'dnt',
    'origin',
    'user-agent',
    'x-csrftoken',
    'x-requested-with',
    'Pragma',

)
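
Added example, not part of the original post and not django-cors-headers code: a minimal server-side model of the simple-request and preflight flow from section II, with the wildcard replaced by an explicit origin allowlist. The function names, the allowlists and the front-end origin http://127.0.0.1:8000 are assumptions for illustration.

```python
# Constructed sample values: the front end at 127.0.0.1:8000 calls this server.
SIMPLE_METHODS = {"HEAD", "GET", "POST"}
SIMPLE_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
ALLOWED_ORIGINS = {"http://127.0.0.1:8000"}
ALLOWED_METHODS = {"GET", "POST", "PUT", "DELETE"}
ALLOWED_HEADERS = {"authorization", "content-type", "x-csrftoken"}


def is_simple_request(method, header_names):
    """Apply the two conditions for a simple request as stated in section II."""
    names = {h.lower() for h in header_names}
    return method.upper() in SIMPLE_METHODS and names <= SIMPLE_HEADERS


def cors_response_headers(method, headers):
    """Return the CORS headers to add, or {} so that the browser blocks the call.

    `headers` is a dict of request headers keyed by their canonical names.
    """
    origin = headers.get("Origin")
    if origin not in ALLOWED_ORIGINS:
        return {}  # unknown or missing origin: send no CORS headers
    # Echo the one matching origin instead of "*"; Vary keeps caches correct.
    out = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if method.upper() != "OPTIONS":
        return out  # simple request, or the real request after a preflight
    # Preflight: check what the browser announces it is about to send.
    want_method = headers.get("Access-Control-Request-Method", "").upper()
    raw = headers.get("Access-Control-Request-Headers", "")
    want_headers = {h.strip().lower() for h in raw.split(",") if h.strip()}
    if want_method not in ALLOWED_METHODS or not want_headers <= ALLOWED_HEADERS:
        return {}
    out["Access-Control-Allow-Methods"] = ", ".join(sorted(ALLOWED_METHODS))
    out["Access-Control-Allow-Headers"] = ", ".join(sorted(ALLOWED_HEADERS))
    out["Access-Control-Max-Age"] = "1000"
    return out
```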
Copyright notice
This article was created by [Right eye remnant]. Please include the original link when reprinting, thanks.
https://yzsam.com/2022/175/202206240921344146.html