single |
===================
django-cors-headers
===================
:alt: pre-commit
A Django App that adds Cross-Origin Resource Sharing (CORS) headers to
responses. This allows in-browser requests to your Django application from
other origins.
----
**Improve your Django and Git skills** with [my books].
----
About CORS
----------
Adding CORS headers allows your resources to be accessed on other domains.
It's
important you understand the implications before adding the headers, since
you
could be unintentionally opening up your site's private data to others.
Some good resources to read on the subject are:
* Julia Evans' [introductory comic] and
[educational quiz].
* Jake Archibald’s [How to win at CORS]
* The [MDN Article]
* The `web.dev Article
`_
* The [Wikipedia Page]
Requirements
------------
Python 3.9 to 3.13 supported.
Django 4.2 to 5.1 supported.
Setup
-----
Install from **pip**:
.. code-block:: sh
python -m pip install django-cors-headers
and then add it to your installed apps:
.. code-block:: python
INSTALLED_APPS = [
...,
"corsheaders",
...,
]
Make sure you add the trailing comma or you might get a ModuleNotFoundError
(see [this blog
post]).
You will also need to add a middleware class to listen in on responses:
.. code-block:: python
MIDDLEWARE = [
...,
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
...,
]
CorsMiddleware should be placed as high as possible, especially before any
middleware that can generate responses such as Django's CommonMiddleware or
Whitenoise's WhiteNoiseMiddleware. If it is not before, it will not be able
to add the CORS headers to these responses.
About
-----
**django-cors-headers** was created in January 2013 by Otto Yiu. It went
unmaintained from August 2015 and was forked in January 2016 to the package
`django-cors-middleware
`_
by Laville Augustin at Zeste de Savoir.
In September 2016, Adam Johnson, Ed Morley, and others gained maintenance
responsibility for **django-cors-headers**
([Issue 110])
from Otto Yiu.
Basically all of the changes in the forked **django-cors-middleware** were
merged back, or re-implemented in a different way, so it should be possible
to
switch back. If there's a feature that hasn't been merged, please open an
issue
about it.
|