用django写的api,供第三方调用,但是出现个问题
一,问题
1.用form表单提交ok
2.用ajax方式显示失败,如下提示
==================================================================
XMLHttpRequest cannot load http://www.itnihao.com/api,Origin null is not allowed by Access-Control-Allow-Origin.
==================================================================
以上提示信息是跨域访问验证失败,因为django不允许这种跨域访问
二,解决办法
进入项目目录,新建文件
#mkidr middleware
#touch middleware/__init.py__
#vim middleware/crossdomainxhr.py
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
from
django
import
http
try
:
from
django.conf
import
settings
XS_SHARING_ALLOWED_ORIGINS
=
settings.XS_SHARING_ALLOWED_ORIGINS
XS_SHARING_ALLOWED_METHODS
=
settings.XS_SHARING_ALLOWED_METHODS
XS_SHARING_ALLOWED_HEADERS
=
settings.XS_SHARING_ALLOWED_HEADERS
XS_SHARING_ALLOWED_CREDENTIALS
=
settings.XS_SHARING_ALLOWED_CREDENTIALS
except
AttributeError:
XS_SHARING_ALLOWED_ORIGINS
=
'*'
#XS_SHARING_ALLOWED_METHODS = ['POST', 'GET', 'OPTIONS', 'PUT', 'DELETE']
XS_SHARING_ALLOWED_METHODS
=
[
'POST'
,
'GET'
]
XS_SHARING_ALLOWED_HEADERS
=
[
'Content-Type'
,
'*'
]
XS_SHARING_ALLOWED_CREDENTIALS
=
'true'
class
XsSharing(
object
):
"""
This middleware allows cross-domain XHR using the html5 postMessage API.
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Based off https://gist.github.com/426829
"""
def
process_request(
self
, request):
if
'HTTP_ACCESS_CONTROL_REQUEST_METHOD'
in
request.META:
response
=
http.HttpResponse()
response[
'Access-Control-Allow-Origin'
]
=
XS_SHARING_ALLOWED_ORIGINS
response[
'Access-Control-Allow-Methods'
]
=
","
.join( XS_SHARING_ALLOWED_METHODS )
response[
'Access-Control-Allow-Headers'
]
=
","
.join( XS_SHARING_ALLOWED_HEADERS )
response[
'Access-Control-Allow-Credentials'
]
=
XS_SHARING_ALLOWED_CREDENTIALS
return
response
return
None
def
process_response(
self
, request, response):
response[
'Access-Control-Allow-Origin'
]
=
XS_SHARING_ALLOWED_ORIGINS
response[
'Access-Control-Allow-Methods'
]
=
","
.join( XS_SHARING_ALLOWED_METHODS )
response[
'Access-Control-Allow-Headers'
]
=
","
.join( XS_SHARING_ALLOWED_HEADERS )
response[
'Access-Control-Allow-Credentials'
]
=
XS_SHARING_ALLOWED_CREDENTIALS
return
response
|
在settings.py添加(MIDDLEWARE_CLASSES这里添加)
|
1
|
'middleware.crossdomainxhr.XsSharing'
,
|
本文转自it你好 51CTO博客,原文链接:http://blog.51cto.com/itnihao/1324962,如需转载请自行联系原作者
