This commit is contained in:
xieshen 2020-10-20 10:16:07 +08:00
parent 9d338c81bd
commit 9fd60202cd
1 changed files with 35 additions and 4 deletions

View File

@ -51,9 +51,6 @@ MIDDLEWARE = [
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
X_FRAME_OPTIONS = 'ALLOWALL url'
ROOT_URLCONF = 'spug_expand.urls'
TEMPLATES = [
@ -131,3 +128,37 @@ STATIC_URL = '/static/'
STATICFILES_DIRS = [
os.path.join(BASE_DIR, "static"),
]
# 跨域允许的请求方式,可以使用默认值,默认的请求方式为:
# from corsheaders.defaults import default_methods
CORS_ALLOW_METHODS = (
'GET',
'POST',
'PUT',
'PATCH',
'DELETE',
'OPTIONS'
)
# 允许跨域的请求头,可以使用默认值,默认的请求头为:
# from corsheaders.defaults import default_headers
# CORS_ALLOW_HEADERS = default_headers
CORS_ALLOW_HEADERS = (
'XMLHttpRequest',
'X_FILENAME',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
'Pragma',
)
# 跨域请求时是否运行携带cookie默认为False
CORS_ALLOW_CREDENTIALS = True
# 允许所有主机执行跨站点请求默认为False
# 如果没设置该参数,则必须设置白名单,运行部分白名单的主机才能执行跨站点请求
CORS_ORIGIN_ALLOW_ALL = True