如何将Chrome扩展程序添加到django-cors-headers白名单? [英] How do I add Chrome Extension to django-cors-headers whitelist?
问题描述
我正在创建一个Chrome扩展程序,允许用户POST到Django服务器。
目前,我正在使用django-cors-headers,设置如下:
CORS_ORIGIN_ALLOW_ALL = True
允许我的扩展POST到指定的端点。当然,我不希望访问被完全打开,并且希望将CORS仅限于Chrome扩展。不过,我不熟悉我需要输入到django-cors-headers白名单中的URL。
好的,这里有一个简单的答案:不要做服务器端 p>
附带主机权限的扩展程序< a>将忽略CORS头,请求将被发送出去。
I am creating a Chrome extension that allows the user to POST to the Django server.
Currently, I am using django-cors-headers with the setting:
CORS_ORIGIN_ALLOW_ALL = True
to allow my extension to POST to the specified endpoint. Of course, I don't want access to be completely open, and would like to limit CORS to only the Chrome extension. However, I am unfamiliar with what URL I would need to input into the django-cors-headers whitelist.
Okay, here's a simple answer: don't do it server-side.
An extension with a host permission will ignore CORS headers and the request will be sent out regardless.
这篇关于如何将Chrome扩展程序添加到django-cors-headers白名单?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!