zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 跨域失效 (#394)

Browse Source
This commit is contained in:
shaohuzhang1 2024-05-08 18:46:58 +08:00 committed by GitHub
parent 69e39f5ee5
commit 3fb6192021
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
apps/common/middleware/cross_domain_middleware.py
View File

@ -17,27 +17,23 @@ class CrossDomainMiddleware(MiddlewareMixin):
def process_request(self, request): def process_request(self, request):
if request.method == 'OPTIONS': if request.method == 'OPTIONS':
auth = request.META.get('HTTP_AUTHORIZATION') return HttpResponse(status=200,
if auth is not None and str(auth).startswith("application-"): headers={
application_api_key = QuerySet(ApplicationApiKey).filter(secret_key=auth).first() "Access-Control-Allow-Origin": "*",
if application_api_key.allow_cross_domain: "Access-Control-Allow-Methods": "GET,POST,DELETE,PUT",
return HttpResponse(status=200, "Access-Control-Allow-Headers": "Origin,X-Requested-With,Content-Type,Accept,Authorization,token"})
headers={
"Access-Control-Allow-Origin": "*" if application_api_key.cross_domain_list is None or len(
application_api_key.cross_domain_list) == 0 else ",".join(
application_api_key.cross_domain_list),
"Access-Control-Allow-Methods": "GET,POST,DELETE,PUT",
"Access-Control-Allow-Headers": "Origin,X-Requested-With,Content-Type,Accept,Authorization,token"})
def process_response(self, request, response): def process_response(self, request, response):
auth = request.META.get('HTTP_AUTHORIZATION') auth = request.META.get('HTTP_AUTHORIZATION')
if auth is not None and str(auth).startswith("application-"): origin = request.META.get('HTTP_ORIGIN')
if auth is not None and str(auth).startswith("application-") and origin is not None:
application_api_key = QuerySet(ApplicationApiKey).filter(secret_key=auth).first() application_api_key = QuerySet(ApplicationApiKey).filter(secret_key=auth).first()
if application_api_key.allow_cross_domain: if application_api_key.allow_cross_domain:
response['Access-Control-Allow-Origin'] = "*" if application_api_key.cross_domain_list is None or len(
application_api_key.cross_domain_list) == 0 else ",".join(
application_api_key.cross_domain_list)
response['Access-Control-Allow-Methods'] = 'GET,POST,DELETE,PUT' response['Access-Control-Allow-Methods'] = 'GET,POST,DELETE,PUT'
response[ response[
'Access-Control-Allow-Headers'] = "Origin,X-Requested-With,Content-Type,Accept,Authorization,token" 'Access-Control-Allow-Headers'] = "Origin,X-Requested-With,Content-Type,Accept,Authorization,token"
if application_api_key.cross_domain_list is None or len(application_api_key.cross_domain_list) == 0:
response['Access-Control-Allow-Origin'] = "*"
elif application_api_key.cross_domain_list.__contains__(origin):
response['Access-Control-Allow-Origin'] = origin
return response return response