0

I've read about getting around the same origin policy when sending POST requests here and here and feel like I have a decent understanding of how the dynamic works. Modern browsers support it by setting Access-Allow-Control-Origin on the receiving server, and all browsers work by submitting the request through an iframe.

My question is two fold:

  1. Is there a way to dynamically set the origin allowed so that you don't have to set Access-Allow-Control-Origin: *. More precisely is there a way to do it with a particular view or set of views in django. ( I know there is this gist which is usable as a middleware, but there doesn't seem to be a way to set the origin you are allowing on the fly.

  2. Is there a wrapper you can use that has the deprecation built in? In other words it will try to use Access-Allow-Control-Origin and if the browser doesn't support it it will use an iframe instead.

Community
  • 1
  • 1
Daniel Nill
  • 5,041
  • 9
  • 39
  • 62

1 Answers1

1

You could rewrite the middleware as a decorator. This would actually be a better approach than the middleware in general I think since it would allow you to pass arguments to each usage of the decorator to customize the allowed methods.

John
  • 5,057
  • 25
  • 31