Django后端彻底解决跨域问题

最近在接一个前后端分离的项目,后端使用的django-restframework,前端使用的Vue。后端跑起来后,发现前端在访问后端API时出了了跨域的问题。

类似如下报错:

关于跨域问题,之前这篇文章也提到过一、前后端交互之Ajax及跨域问题,当时里面是使用的jsonp方式,但是jsonp只支持GET方法,不能全面支持跨域。

这里主要学习一下通过后端解决跨域问题的方法,其实前端也有解决跨域的方法,后面学习到了再写一个文章记录。

 

django后端解决跨域方式一Middleware

中间介实现跨域过程

1、新建中间介包

#mkidr middleware

#touch middleware/__init.py__

#vim middleware/crossdomainxhr.py

from django import http
                                                                                                                                                                 
try:
    from django.conf import settings
    XS_SHARING_ALLOWED_ORIGINS = settings.XS_SHARING_ALLOWED_ORIGINS
    XS_SHARING_ALLOWED_METHODS = settings.XS_SHARING_ALLOWED_METHODS
    XS_SHARING_ALLOWED_HEADERS = settings.XS_SHARING_ALLOWED_HEADERS
    XS_SHARING_ALLOWED_CREDENTIALS = settings.XS_SHARING_ALLOWED_CREDENTIALS
except AttributeError:
    XS_SHARING_ALLOWED_ORIGINS = '*'
    #XS_SHARING_ALLOWED_METHODS = ['POST', 'GET', 'OPTIONS', 'PUT', 'DELETE']
    XS_SHARING_ALLOWED_METHODS = ['POST', 'GET']
    XS_SHARING_ALLOWED_HEADERS = ['Content-Type', '*']
    XS_SHARING_ALLOWED_CREDENTIALS = 'true'
                                                                                                                                                                 
                                                                                                                                                                 
class XsSharing(object):
    """
    This middleware allows cross-domain XHR using the html5 postMessage API.
                                                                                                                                                                     
    Access-Control-Allow-Origin: http://foo.example
    Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
                                                                                                                                                                 
    Based off https://gist.github.com/426829
    """
    def process_request(self, request):
        if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
            response = http.HttpResponse()
            response['Access-Control-Allow-Origin']  = XS_SHARING_ALLOWED_ORIGINS
            response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
            response['Access-Control-Allow-Headers'] = ",".join( XS_SHARING_ALLOWED_HEADERS )
            response['Access-Control-Allow-Credentials'] = XS_SHARING_ALLOWED_CREDENTIALS
            return response
                                                                                                                                                                 
        return None
                                                                                                                                                                 
    def process_response(self, request, response):
        response['Access-Control-Allow-Origin']  = XS_SHARING_ALLOWED_ORIGINS
        response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
        response['Access-Control-Allow-Headers'] = ",".join( XS_SHARING_ALLOWED_HEADERS )
        response['Access-Control-Allow-Credentials'] = XS_SHARING_ALLOWED_CREDENTIALS
                                                                                                                                                                 
        return response

  

settings文件配置:

 在中间介新增配置

'finance.middleware.crossdomainxhr.XsSharing',

 

跨域配置:

我这里前端使用的是源是http://127.0.0.1:8081

# crossdomain
#XS_SHARING_ALLOWED_ORIGINS ='*'
XS_SHARING_ALLOWED_ORIGINS = 'http://127.0.0.1:8081'
XS_SHARING_ALLOWED_METHODS = ['POST', 'GET']
XS_SHARING_ALLOWED_HEADERS = ['Content-Type', '*']
XS_SHARING_ALLOWED_CREDENTIALS = 'true'

  

 

 

django后端解决跨域方式二django-cors-headers

 通过第三方包方式:https://github.com/ottoyiu/django-cors-headers

注意:既然有第三方包,name为什么还要用第一种方式,自己写呢?原因是第三方包对Django的版本有要求:

 

有些Django版本比较老的话 就只能用第一种方式咯。

具体实现如下:

1、安装django-cors-headers

pip install django-cors-headers

  

2、配置settings.py文件

a.在INSTALLED_APPS里添加“corsheaders”

INSTALLED_APPS = [
    ...
    'corsheaders',
    ...
 ]

  

b.在MIDDLEWARE_CLASSES添加配置:

MIDDLEWARE_CLASSES = (
    ...
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
)

  

c.在sitting.py底部添加

CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
CORS_ORIGIN_WHITELIST = ()
 
CORS_ALLOW_METHODS = (
    'DELETE',
    'GET',
    'OPTIONS',
    'PATCH',
    'POST',
    'PUT',
    'VIEW',
)
 
CORS_ALLOW_HEADERS = (
    'accept',
    'accept-encoding',
    'authorization',
    'content-type',
    'dnt',
    'origin',
    'user-agent',
    'x-csrftoken',
    'x-requested-with',
)

  

 

posted @ 2019-04-09 11:08  skyflask  阅读(17101)  评论(0编辑  收藏  举报