django-cors-headers: the configured middleware adds CORS headers to the response, and CORS_ORIGIN_WHITELIST decides which origins can access resources.

  1. Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin access to selected resources from a different origin.
  2. A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, or port) from its own.

An example of a cross-origin request: the front-end JavaScript code served from https://domain-a.com uses XMLHttpRequest to make a request for https://domain-b.com/data.json.

  1. For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts.
    1. For example, XMLHttpRequest and the Fetch API follow the Same-Origin Policy.
    2. This means that a web application using those APIs can only request resources from the same origin the application was loaded from, unless the response from other origins includes the right CORS headers.
    3. domain-b.com decides whether to share its resources with the website domain-a.com.
      1. It does so by including CORS headers in the response.