-
-
Save strogonoff/1369619 to your computer and use it in GitHub Desktop.
from django import http | |
try: | |
from django.conf import settings | |
XS_SHARING_ALLOWED_ORIGINS = settings.XS_SHARING_ALLOWED_ORIGINS | |
XS_SHARING_ALLOWED_METHODS = settings.XS_SHARING_ALLOWED_METHODS | |
XS_SHARING_ALLOWED_HEADERS = settings.XS_SHARING_ALLOWED_HEADERS | |
XS_SHARING_ALLOWED_CREDENTIALS = settings.XS_SHARING_ALLOWED_CREDENTIALS | |
except AttributeError: | |
XS_SHARING_ALLOWED_ORIGINS = '*' | |
XS_SHARING_ALLOWED_METHODS = ['POST', 'GET', 'OPTIONS', 'PUT', 'DELETE'] | |
XS_SHARING_ALLOWED_HEADERS = ['Content-Type', '*'] | |
XS_SHARING_ALLOWED_CREDENTIALS = 'true' | |
class XsSharing(object): | |
""" | |
This middleware allows cross-domain XHR using the html5 postMessage API. | |
Access-Control-Allow-Origin: http://foo.example | |
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE | |
Based off https://gist.github.com/426829 | |
""" | |
def process_request(self, request): | |
if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META: | |
response = http.HttpResponse() | |
response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS | |
response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS ) | |
response['Access-Control-Allow-Headers'] = ",".join( XS_SHARING_ALLOWED_HEADERS ) | |
response['Access-Control-Allow-Credentials'] = XS_SHARING_ALLOWED_CREDENTIALS | |
return response | |
return None | |
def process_response(self, request, response): | |
response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS | |
response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS ) | |
response['Access-Control-Allow-Headers'] = ",".join( XS_SHARING_ALLOWED_HEADERS ) | |
response['Access-Control-Allow-Credentials'] = XS_SHARING_ALLOWED_CREDENTIALS | |
return response |
Where does this middleware folder go?
Anywhere that it can be picked up on your Python search path.
What should be in init.py?
Nothing. The presence of an empty __init__.py
file in a directory is sufficient to allow the directory to be treated as a Python module (and thus allow the middleware to be imported).
And what is meant by "below config"?
Hmm, not too clear on that one, but I suspect that if you put those variables somewhere below MIDDLEWARE_CLASSES
in your settings.py
, you'll be OK.
This worked for me when I was getting blank response using jquery and tastypie. Thank you so much!
I had to add the extra auth headers and then this worked great! Couldn't get the other GIST about CORSResource for Tastypie to work. This is how I configured it:
XS_SHARING_ALLOWED_HEADERS = ['authorization'] # IF START SEEING ERRORS HERE must DUPLICATE ' Access-Control-Request-Headers' from request see https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
There is any special reason you assign variables outside class instead of init of the class ?
And what is meant by "below config"?