HTTP header CORS policy - 'Access-Control-Allow-Origin'
- sof
- S3 CORS Policy를 일단 다 때려넣어봤다
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"HEAD",
"PUT",
"GET",
"POST",
"DELETE"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [
"x-amz-request-id",
"x-amz-server-side-encryption",
"x-amz-version-id",
"Content-Length",
"Content-Type",
"Connection",
"Date",
"ETag",
"x-amz-delete-marker"
]
}
]
그리고 미들웨어를 하나 만들었다. django-cors-headers는 쓰레기다 다음 미들웨어는 모든 response 헤더에 Acess-Control-Allow-Headers
를 추가한다.
from django import http
class CorsMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
if (request.method == "OPTIONS" and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in request.META):
response = http.HttpResponse()
response["Content-Length"] = "0"
response["Access-Control-Max-Age"] = 86400
response["Access-Control-Allow-Origin"] = "*"
response["Access-Control-Allow-Methods"] = "DELETE, GET, OPTIONS, PATCH, POST, PUT"
response["Access-Control-Allow-Headers"] = "accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with"
return response