django允许post跨域访问

用django写的api，供第三方调用，但是出现个问题

一，问题

1.用form表单提交ok

2.用ajax方式显示失败，如下提示

==================================================================

XMLHttpRequest cannot load http://www.itnihao.com/api，Origin null is not allowed by Access-Control-Allow-Origin.

 以上提示信息是跨域访问验证失败，因为django不允许这种跨域访问

二，解决办法

进入项目目录，新建文件

<code>#mkidr middleware</code>

<code>#touch middleware/__init.py__</code>

<code>#vim middleware</code><code>/</code><code>crossdomainxhr.py</code>

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

<code>from</code> <code>django </code><code>import</code> <code>http</code>

<code>                                                                                                                                                                </code> 

<code>try</code><code>:</code>

<code>    </code><code>from</code> <code>django.conf </code><code>import</code> <code>settings</code>

<code>    </code><code>XS_SHARING_ALLOWED_ORIGINS </code><code>=</code> <code>settings.XS_SHARING_ALLOWED_ORIGINS</code>

<code>    </code><code>XS_SHARING_ALLOWED_METHODS </code><code>=</code> <code>settings.XS_SHARING_ALLOWED_METHODS</code>

<code>    </code><code>XS_SHARING_ALLOWED_HEADERS </code><code>=</code> <code>settings.XS_SHARING_ALLOWED_HEADERS</code>

<code>    </code><code>XS_SHARING_ALLOWED_CREDENTIALS </code><code>=</code> <code>settings.XS_SHARING_ALLOWED_CREDENTIALS</code>

<code>except</code> <code>AttributeError:</code>

<code>    </code><code>XS_SHARING_ALLOWED_ORIGINS </code><code>=</code> <code>'*'</code>

<code>    </code><code>#XS_SHARING_ALLOWED_METHODS = ['POST', 'GET', 'OPTIONS', 'PUT', 'DELETE']</code>

<code>    </code><code>XS_SHARING_ALLOWED_METHODS </code><code>=</code> <code>[</code><code>'POST'</code><code>, </code><code>'GET'</code><code>]</code>

<code>    </code><code>XS_SHARING_ALLOWED_HEADERS </code><code>=</code> <code>[</code><code>'Content-Type'</code><code>, </code><code>'*'</code><code>]</code>

<code>    </code><code>XS_SHARING_ALLOWED_CREDENTIALS </code><code>=</code> <code>'true'</code>

<code>class</code> <code>XsSharing(</code><code>object</code><code>):</code>

<code>    </code><code>"""</code>

<code>    </code><code>This middleware allows cross-domain XHR using the html5 postMessage API.</code>

<code>                                                                                                                                                                    </code> 

<code>    </code><code>Access-Control-Allow-Origin: http://foo.example</code>

<code>    </code><code>Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE</code>

<code>    </code><code>Based off https://gist.github.com/426829</code>

<code>    </code><code>def</code> <code>process_request(</code><code>self</code><code>, request):</code>

<code>        </code><code>if</code> <code>'HTTP_ACCESS_CONTROL_REQUEST_METHOD'</code> <code>in</code> <code>request.META:</code>

<code>            </code><code>response </code><code>=</code> <code>http.HttpResponse()</code>

<code>            </code><code>response[</code><code>'Access-Control-Allow-Origin'</code><code>]  </code><code>=</code> <code>XS_SHARING_ALLOWED_ORIGINS</code>

<code>            </code><code>response[</code><code>'Access-Control-Allow-Methods'</code><code>] </code><code>=</code> <code>","</code><code>.join( XS_SHARING_ALLOWED_METHODS )</code>

<code>            </code><code>response[</code><code>'Access-Control-Allow-Headers'</code><code>] </code><code>=</code> <code>","</code><code>.join( XS_SHARING_ALLOWED_HEADERS )</code>

<code>            </code><code>response[</code><code>'Access-Control-Allow-Credentials'</code><code>] </code><code>=</code> <code>XS_SHARING_ALLOWED_CREDENTIALS</code>

<code>            </code><code>return</code> <code>response</code>

<code>        </code><code>return</code> <code>None</code>

<code>    </code><code>def</code> <code>process_response(</code><code>self</code><code>, request, response):</code>

<code>        </code><code>response[</code><code>'Access-Control-Allow-Origin'</code><code>]  </code><code>=</code> <code>XS_SHARING_ALLOWED_ORIGINS</code>

<code>        </code><code>response[</code><code>'Access-Control-Allow-Methods'</code><code>] </code><code>=</code> <code>","</code><code>.join( XS_SHARING_ALLOWED_METHODS )</code>

<code>        </code><code>response[</code><code>'Access-Control-Allow-Headers'</code><code>] </code><code>=</code> <code>","</code><code>.join( XS_SHARING_ALLOWED_HEADERS )</code>

<code>        </code><code>response[</code><code>'Access-Control-Allow-Credentials'</code><code>] </code><code>=</code> <code>XS_SHARING_ALLOWED_CREDENTIALS</code>

<code>        </code><code>return</code> <code>response</code>

在settings.py添加（MIDDLEWARE_CLASSES这里添加）

<code>'middleware.crossdomainxhr.XsSharing'</code><code>,</code>

<a href="http://blog.51cto.com/attachment/201311/181409815.png" target="_blank"></a>

本文转自it你好 51CTO博客，原文链接：http://blog.51cto.com/itnihao/1324962，如需转载请自行联系原作者