Skip to content

Instantly share code, notes, and snippets.

@vinyll

vinyll/django-crossdomainxhr-middleware.py

Forked from vicalejuri/django-crossdomainxhr-middleware.py
Created March 15, 2012 09:01
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save vinyll/2043072 to your computer and use it in GitHub Desktop.
Save vinyll/2043072 to your computer and use it in GitHub Desktop.
Download ZIP
Middlware to allow's your django server to respond appropriately to cross domain XHR (postMessage html5 API).
Raw
django-crossdomainxhr-middleware.py
import re
from django.utils.text import compress_string
from django.utils.cache import patch_vary_headers
from django import http
from django.conf import settings
XS_SHARING_ALLOWED_ORIGINS = getattr(settings, 'XS_SHARING_ALLOWED_ORIGINS', '*')
XS_SHARING_ALLOWED_METHODS = getattr(settings, 'XS_SHARING_ALLOWED_METHODS', ['POST','GET','OPTIONS', 'PUT', 'DELETE'])
class XsSharing(object):
"""
This middleware allows cross-domain XHR using the html5 postMessage API.
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
"""
def process_request(self, request):
if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
response = http.HttpResponse()
response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS
response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
return response
return None
def process_response(self, request, response):
# Avoid unnecessary work
if response.has_header('Access-Control-Allow-Origin'):
return response
response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS
response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
return response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment