panyy
/
UnisKB
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
UnisKB/apps/common/middleware/cross_domain_middleware.py

40 lines
1.8 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# coding=utf-8
"""
@project: maxkb
@Author
@file cross_domain_middleware.py
@date2024/5/8 13:36
@desc:
"""
from django.db.models import QuerySet
from django.http import HttpResponse
from django.utils.deprecation import MiddlewareMixin
from application.models.api_key_model import ApplicationApiKey
class CrossDomainMiddleware(MiddlewareMixin):
def process_request(self, request):
if request.method == 'OPTIONS':
return HttpResponse(status=200,
headers={
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET,POST,DELETE,PUT",
"Access-Control-Allow-Headers": "Origin,X-Requested-With,Content-Type,Accept,Authorization,token"})
def process_response(self, request, response):
auth = request.META.get('HTTP_AUTHORIZATION')
origin = request.META.get('HTTP_ORIGIN')
if auth is not None and str(auth).startswith("application-") and origin is not None:
application_api_key = QuerySet(ApplicationApiKey).filter(secret_key=auth).first()
if application_api_key.allow_cross_domain:
response['Access-Control-Allow-Methods'] = 'GET,POST,DELETE,PUT'
response[
'Access-Control-Allow-Headers'] = "Origin,X-Requested-With,Content-Type,Accept,Authorization,token"
if application_api_key.cross_domain_list is None or len(application_api_key.cross_domain_list) == 0:
response['Access-Control-Allow-Origin'] = "*"
elif application_api_key.cross_domain_list.__contains__(origin):
response['Access-Control-Allow-Origin'] = origin
return response
Reference in New Issue View Git Blame Copy Permalink