How does the Python Django application solve the problem of cross-origin AJAX access?
Introduction
An API written in Django runs on the server and returns JSON data. A page uses Ajax to call this API:
<!DOCTYPE html>
However, the Chrome browser prompts an error:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Some Googling showed that this problem is caused by CORS.
What is CORS?
CORS (Cross-Origin Resource Sharing) is a cross-origin access mechanism that allows Ajax requests to reach a different origin.
In fact, adding "Access-Control-Allow-Origin: *" to the server's response headers is enough to support CORS, which is very simple; the "*" value lets pages from any origin read the response. For how to configure Apache/nginx, see the reference document.
For example:
- The API is deployed on DomainA;
- The Ajax file is deployed on DomainB. The Ajax file sends a request to the API and returns data;
- The user accesses the Ajax file of DomainB through DomainC and requests data.
The above process involves cross-origin access. If Ajax is used directly, the request will fail, as prompted by Chrome:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
How can I solve the problem of cross-origin Ajax access?
There are two ways to solve the cross-origin problem: 1. Use JSONP; 2. Enable CORS.
To use the JSONP method, the server must return its response in JSONP format. In Django, for example, you can add a JSONP-related decorator that handles the callback.
CORS: This is easy to use. Currently, most browsers support CORS, and my web server is fully open for calls. Therefore, CORS is recommended.
1. Use JSONP
Cross-origin restrictions apply when Ajax is used to fetch JSON data, but loading JavaScript files into a web page is not subject to them. JSONP uses this to transfer data across origins. Therefore, we need to change the dataType in the Ajax call from JSON to JSONP (the corresponding API also needs to support the JSONP format).
JSONP can only be used for GET requests.
2. Directly modify the views.py file in Django
Modify the function that implements the corresponding API in views.py to allow other domains to request data through Ajax:
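import json

from django.http import HttpResponse


def myview(_request):
    response = HttpResponse(json.dumps({"key": "value", "key2": "value"}))
    # Allow pages from any origin to read this response.
    response["Access-Control-Allow-Origin"] = "*"
    # Methods accepted on cross-origin requests.
    response["Access-Control-Allow-Methods"] = "POST, GET, OPTIONS"
    # Seconds the browser may cache the preflight result.
    response["Access-Control-Max-Age"] = "1000"
    # Request headers accepted on cross-origin requests.
    response["Access-Control-Allow-Headers"] = "*"
    return response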
3. Install django-cors-headers
Another discovery: someone has already developed a CORS headers middleware for Django. You only need to make some simple configuration in settings.py. For details, see its configuration documentation.
Install django-cors-headers:
pip install django-cors-headers
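Add the following to settings.py:
INSTALLED_APPS = (
    ...
    'corsheaders',
    ...
)
...
# Django 1.10 and later name this setting MIDDLEWARE.
MIDDLEWARE_CLASSES = (
    ...
    # Keep CorsMiddleware above CommonMiddleware.
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
)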
You can configure a whitelist of origins that are allowed cross-origin access, or directly allow all cross-origin access. For the specific settings, refer to the description on the project's GitHub page.
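The whitelist option mentioned above can also be applied to the manual views.py approach from section 2. The following is an added example, not code from the original article or from django-cors-headers: a framework-independent function that returns the CORS headers for a request, echoing the origin only when it exactly matches an allowlist. The names normalize_origin and cors_headers, the allowed origins and the allowed header names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not from the original page).
ALLOWED_ORIGINS = frozenset({"https://app.example.com", "http://localhost:8000"})
ALLOWED_METHODS = ("GET", "POST", "OPTIONS")
ALLOWED_HEADERS = ("content-type", "x-requested-with")


def normalize_origin(origin):
    """Return canonical scheme://host[:port], or None if the value is unusable."""
    if not origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin)
        port = parts.port
    except ValueError:  # malformed host or port
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # A browser-sent Origin has no path, query, fragment or userinfo.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    return f"{parts.scheme}://{parts.hostname}" + (f":{port}" if port else "")


def cors_headers(method, origin, requested_method=None):
    """Build the CORS headers for one request from its method and Origin."""
    # Vary: Origin keeps shared caches from reusing a response across origins.
    headers = {"Vary": "Origin"}
    canonical = normalize_origin(origin)
    if canonical not in ALLOWED_ORIGINS:
        return headers  # no Allow-Origin header: the browser blocks the read
    # Echo the one matching origin instead of the "*" wildcard.
    headers["Access-Control-Allow-Origin"] = canonical
    if method == "OPTIONS" and requested_method:  # CORS preflight
        if requested_method.upper() not in ALLOWED_METHODS:
            return {"Vary": "Origin"}
        headers["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
        headers["Access-Control-Allow-Headers"] = ", ".join(ALLOWED_HEADERS)
        headers["Access-Control-Max-Age"] = "1000"
    return headers
```

In a Django view, call it with request.method, request.META.get("HTTP_ORIGIN") and request.META.get("HTTP_ACCESS_CONTROL_REQUEST_METHOD"), then copy each returned pair onto the response with response[name] = value.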