如何将Chrome扩展程序添加到django-cors-headers白名单？ [英] How do I add Chrome Extension to django-cors-headers whitelist?

问题描述

我正在创建一个Chrome扩展程序，允许用户POST到Django服务器。

目前，我正在使用django-cors-headers，设置如下：

CORS_ORIGIN_ALLOW_ALL = True

允许我的扩展POST到指定的端点。当然，我不希望访问被完全打开，并且希望将CORS仅限于Chrome扩展。不过，我不熟悉我需要输入到django-cors-headers白名单中的URL。

解决方案

好的，这里有一个简单的答案：不要做服务器端 p>

附带主机权限的扩展程序< a>将忽略CORS头，请求将被发送出去。

I am creating a Chrome extension that allows the user to POST to the Django server.

Currently, I am using django-cors-headers with the setting:

CORS_ORIGIN_ALLOW_ALL = True

to allow my extension to POST to the specified endpoint. Of course, I don't want access to be completely open, and would like to limit CORS to only the Chrome extension. However, I am unfamiliar with what URL I would need to input into the django-cors-headers whitelist.

解决方案

Okay, here's a simple answer: don't do it server-side.

An extension with a host permission will ignore CORS headers and the request will be sent out regardless.

这篇关于如何将Chrome扩展程序添加到django-cors-headers白名单？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！