Django drf:手撸自定义跨域
项目需求:
1.用域名8000向8001发送请求,用django框架解决跨域问题
2.用上自定义中间件配置,支持get、post、put、detele和非简单请求
3.支持版本控制
4.在setting中配置白名单列表,在表中域名可以访问,否则返回错误信息
# 首先8000端口url层设置路由
from django.conf.urls import url from django.contrib import admin from app import views urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^index/', views.test), ]
#写test视图函数
from django.views.decorators.cache import cache_page import time from rest_framework.response import Response # 单页面缓存10秒 # @cache_page(10) def test(request): print('三儿来了!') ctime = time.time() return render(request,'index.html',locals())
# 模板层写index模板(这里用到ajax向后台提交数据,需要引入bootstop且在setting中配置)
<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <script src="/static/jquery-3.3.1.js"></script> <title>Title</title> </head> <body> 不缓存 {{ ctime }} <br> 存在的缓存 {#{% load cache %}#} {#第一个是超时时间,缓存时间。第二个参数是Key值,别名。#} {#{% cache 10 'test' %}#} {# {{ ctime }}#} {#{% endcache %}#} <button id="btn">点我发请求</button> </body> <script> $("#btn").click(function () { $.ajax({ url: 'http://127.0.0.1:8001/v1/publishs/', {#type: 'get',#} type:'post', {#type:'put',#} contentType:'application/json', {#data:JSON.stringify({'name':'egon'}),#} success: function (data) { console.log(data) } }) }) </script> </html>
# ajax提交的路由请求http://127.0.0.1:8001/v1/publishs/
# 由于请求的是V1版本,我们在端口8001路由层中设置版本路由
from django.conf.urls import url from django.contrib import admin from app import views urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^(?P<version>[v1|v2]+)/publishs/', views.PublishView.as_view()), ]
# 写对应的的函数视图
from rest_framework.views import APIView from rest_framework.versioning import URLPathVersioning from rest_framework.response import Response # 版本控制的局部使用 class PublishView(APIView): # versioning_class = QueryParameterVersioning # 基于url的get传参方法 versioning_class = URLPathVersioning # 基于url的正则方式 def get(self,request,*args,**kwargs): print(request.version) return Response({'status':100}) def post(self,request,*args,**kwargs): print(request.method) return Response({'status': 100, 'msg': 'post'}) def delete(self,request,*args,**kwargs): print(request.method) return Response({'status':100,'msg':'delete'}) def put(self,request,*args,**kwargs): print(request.method) return Response({'status':100,'msg':'put'})
#这个时候写定义中间件
from django.utils.deprecation import MiddlewareMixin from django.conf import settings from rest_framework.response import Response from django.http import JsonResponse class CORSMiddle(MiddlewareMixin): def process_response(self,request,response): # # print(request.META['HTTP_ORIGIN']) host_list = settings.OPEN_HOST host = request.META['HTTP_ORIGIN'] response['Access-Control-Allow-Origin'] = host if request.method == 'OPTIONS': response['Access-Control-Allow-Methods'] = 'PUT,DELETE,POST,GET' response['Access-Control-Allow-Headers'] = 'Content-Type' print(host,host_list) if host not in host_list: # rep = JsonResponse({'msg':'error 非法访问!'}) rep = Response({'msg':'error 非法访问!'}) rep['Access-Control-Allow-Origin'] = host return rep return response
# 自定义中间需要到setting中做配置,且把csrf注销
MIDDLEWARE = [ 'django.middleware.security.SecurityMid' '' 'dleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', # 'django.middleware.csrf.CsrfViewMiddleware', 'app.center.CORSMiddle',# 此为自定义中间件 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ]
# 后面需要在setting中自定义白名单
OPEN_HOST = ['http://127.0.0.1:8002','http://127.0.0.1:8003']
