single |
===================
django-cors-headers
===================
:alt: pre-commit
A Django App that adds Cross-Origin Resource Sharing (CORS) headers to
responses. This allows in-browser requests to your Django application from
other origins.
About CORS
----------
Adding CORS headers allows your resources to be accessed on other domains.
It's
important you understand the implications before adding the headers, since
you
could be unintentionally opening up your site's private data to others.
Some good resources to read on the subject are:
* Julia Evans' [introductory comic] and
[educational quiz].
* The [Wikipedia Page]
* The [MDN Article]
* The [HTML5 Rocks Tutorial]
Requirements
------------
Python 3.6 to 3.10 supported.
Django 2.2 to 4.0 supported.
----
**Are your tests slow?**
Check out my book [Speed Up Your Django Tests] which covers loads of best
practices so you can write faster, more accurate tests.
----
Setup
-----
Install from **pip**:
.. code-block:: sh
python -m pip install django-cors-headers
and then add it to your installed apps:
.. code-block:: python
INSTALLED_APPS = [
...,
"corsheaders",
...,
]
Make sure you add the trailing comma or you might get a ModuleNotFoundError
(see [this blog
post]).
You will also need to add a middleware class to listen in on responses:
.. code-block:: python
MIDDLEWARE = [
...,
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
...,
]
CorsMiddleware should be placed as high as possible, especially before any
middleware that can generate responses such as Django's CommonMiddleware or
Whitenoise's WhiteNoiseMiddleware. If it is not before, it will not be able
to add the CORS headers to these responses.
Also if you are using CORS_REPLACE_HTTPS_REFERER it should be placed before
Django's CsrfViewMiddleware (see more below).
About
-----
**django-cors-headers** was created in January 2013 by Otto Yiu. It went
unmaintained from August 2015 and was forked in January 2016 to the package
`django-cors-middleware
`_
by Laville Augustin at Zeste de Savoir.
In September 2016, Adam Johnson, Ed Morley, and others gained maintenance
responsibility for **django-cors-headers**
([Issue 110])
from Otto Yiu.
Basically all of the changes in the forked **django-cors-middleware** were
merged back, or re-implemented in a different way, so it should be possible
to
switch back. If there's a feature that hasn't been merged, please open an
|