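Cross-origin means crossing domain names or ports.
- Why does the cross-origin problem exist?
Browsers enforce the same-origin policy.
- Getting around the browser's same-origin policy is what makes cross-origin access possible
- Method 1: JSONP (relies on a browser feature)
Dynamically create a script tag in the HTML.
The same-origin policy blocks ajax requests, but it does not block tags that have a src attribute:
    <script src='xxx'></script>
    <img src='xxx' />
- Method 2: CORS (tackling it head-on)
Add a middleware that sets the CORS headers: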
    class MiddlewareMixin:
        def __init__(self, get_response=None):
            self.get_response = get_response
            super().__init__()

        def __call__(self, request):
            response = None
            if hasattr(self, 'process_request'):
                response = self.process_request(request)
            response = response or self.get_response(request)
            if hasattr(self, 'process_response'):
                response = self.process_response(request, response)
            return response


    class CORSMiddleware(MiddlewareMixin):
        def process_response(self, request, response):
            # Allow your domain to fetch my data.
            # "*" allows every origin; name a specific origin to restrict access.
            response["Access-Control-Allow-Origin"] = "*"
            return response
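Simple requests and complex requests
1. Request method: HEAD, GET, POST
2. Request headers:
    Accept
    Accept-Language
    Content-Language
    Last-Event-ID
    Content-Type, whose value is any one of the following three:
        application/x-www-form-urlencoded
        multipart/form-data
        text/plain
Note: a request that satisfies both of the conditions above is a simple request; otherwise it is a complex request.
The difference between simple and non-simple requests
Simple request: one request
Complex request: two requests. Before the data is sent, a first request is sent as a "preflight"; the second request is sent only after the "preflight" passes.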

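- Request method: OPTIONS
- The "preflight" is a check: if the check passes, the data is allowed to be transmitted; if it fails, the message that was actually meant to be sent is not sent
- How the "preflight" works
    => If the complex request is a PUT or similar request, the server must allow that method, otherwise the "preflight" fails
        Access-Control-Request-Method
    => If the complex request sets request headers, the server must allow that header, otherwise the "preflight" fails
        Access-Control-Request-Headers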

    # MiddlewareMixin is the class defined above
    # (Django ships it as django.utils.deprecation.MiddlewareMixin).
    class CORSMiddleware(MiddlewareMixin):
        def process_response(self, request, response):
            # Allow your domain to fetch my data
            # response["Access-Control-Allow-Origin"] = "*"
            # Allow you to send the Content-Type request header
            # response["Access-Control-Allow-Headers"] = "Content-Type"
            # Allow you to send DELETE, PUT
            # response["Access-Control-Allow-Methods"] = "DELETE,PUT"
            if request.method == 'OPTIONS':
                response["Access-Control-Allow-Headers"] = "Content-Type"
            return response
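
The preflight check described above, written as framework-independent decision logic that echoes an allowlisted origin instead of "*". This is an added example, not code from the original notes; the function name, the allowlists and the sample origin are assumptions.

```python
# Added example: the sets below are constructed sample policy, not from the notes.
ALLOWED_ORIGINS = {"https://app.example.com"}
ALLOWED_METHODS = {"GET", "POST", "PUT", "DELETE"}
ALLOWED_HEADERS = {"content-type"}


def cors_headers(method, headers):
    """Return the CORS response headers for a request, or {} to refuse it.

    `headers` maps lower-cased request header names to their values.
    """
    origin = headers.get("origin")
    if origin not in ALLOWED_ORIGINS:
        return {}  # no CORS headers: the browser blocks the cross-origin read

    # Echo the single matching origin rather than "*"; Vary stops a cache
    # from replaying this response to a different origin.
    out = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}

    is_preflight = (method == "OPTIONS"
                    and "access-control-request-method" in headers)
    if not is_preflight:
        return out  # simple request, or the real request after a preflight

    wanted_method = headers["access-control-request-method"].upper()
    wanted_headers = {
        h.strip().lower()
        for h in headers.get("access-control-request-headers", "").split(",")
        if h.strip()
    }
    if wanted_method not in ALLOWED_METHODS or not wanted_headers <= ALLOWED_HEADERS:
        return {}  # preflight fails: the browser never sends the real request

    out["Access-Control-Allow-Methods"] = ", ".join(sorted(ALLOWED_METHODS))
    out["Access-Control-Allow-Headers"] = ", ".join(sorted(ALLOWED_HEADERS))
    return out
```

In a Django middleware the returned dictionary would be copied onto the response inside `process_response`.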