|
|
@@ -39,6 +39,7 @@ INSTALLED_APPS = [
|
|
|
'django.contrib.messages',
|
|
|
'django.contrib.staticfiles',
|
|
|
'rest_framework',
|
|
|
+ 'corsheaders',
|
|
|
'group',
|
|
|
'folder',
|
|
|
'file',
|
|
|
@@ -47,10 +48,11 @@ INSTALLED_APPS = [
|
|
|
|
|
|
|
|
|
MIDDLEWARE = [
|
|
|
+ 'corsheaders.middleware.CorsMiddleware',
|
|
|
'django.middleware.security.SecurityMiddleware',
|
|
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
|
|
'django.middleware.common.CommonMiddleware',
|
|
|
- 'django.middleware.csrf.CsrfViewMiddleware',
|
|
|
+ # 'django.middleware.csrf.CsrfViewMiddleware',
|
|
|
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
|
|
'django.contrib.messages.middleware.MessageMiddleware',
|
|
|
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
|
|
@@ -142,3 +144,39 @@ EMAIL_PORT = 25
|
|
|
EMAIL_HOST_USER = 'lin-xinyuan@qq.com'
|
|
|
EMAIL_HOST_PASSWORD = 'terwmysqpvxaeahe'
|
|
|
DEFAULT_FROM_EMAIL = f'ST网盘 <{EMAIL_HOST_USER}>'
|
|
|
+
|
|
|
+
|
|
|
+# 跨域允许的请求方式,可以使用默认值,默认的请求方式为:
|
|
|
+# from corsheaders.defaults import default_methods
|
|
|
+CORS_ALLOW_METHODS = (
|
|
|
+ 'GET',
|
|
|
+ 'POST',
|
|
|
+ 'PUT',
|
|
|
+ 'PATCH',
|
|
|
+ 'DELETE',
|
|
|
+ 'OPTIONS'
|
|
|
+)
|
|
|
+
|
|
|
+# 允许跨域的请求头,可以使用默认值,默认的请求头为:
|
|
|
+# from corsheaders.defaults import default_headers
|
|
|
+# CORS_ALLOW_HEADERS = default_headers
|
|
|
+
|
|
|
+CORS_ALLOW_HEADERS = (
|
|
|
+ 'XMLHttpRequest',
|
|
|
+ 'X_FILENAME',
|
|
|
+ 'accept-encoding',
|
|
|
+ 'authorization',
|
|
|
+ 'content-type',
|
|
|
+ 'dnt',
|
|
|
+ 'origin',
|
|
|
+ 'user-agent',
|
|
|
+ 'x-csrftoken',
|
|
|
+ 'x-requested-with',
|
|
|
+ 'Pragma',
|
|
|
+)
|
|
|
+
|
|
|
+# 跨域请求时,是否运行携带cookie,默认为False
|
|
|
+CORS_ALLOW_CREDENTIALS = True
|
|
|
+# 允许所有主机执行跨站点请求,默认为False
|
|
|
+# 如果没设置该参数,则必须设置白名单,运行部分白名单的主机才能执行跨站点请求
|
|
|
+CORS_ORIGIN_ALLOW_ALL = True
|
