settings.py
INSTALLED_APPS = [ ... ‘corsheaders‘, ... ]
MIDDLEWARE = [ ... ‘django.middleware.clickjacking.XFrameOptionsMiddleware‘, ... ]
X_FRAME_OPTIONS = ‘ALLOWALL‘ CORS_ORIGIN_ALLOW_ALL = True CORS_ALLOW_CREDENTIALS = True CORS_ALLOW_METHODS = (‘DELETE‘, ‘GET‘, ‘OPTIONS‘, ‘PATCH‘, ‘POST‘, ‘PUT‘, ‘VIEW‘,) CORS_ALLOW_HEADERS = ( ‘XMLHttpRequest‘, ‘X_FILENAME‘, ‘accept-encoding‘, ‘authorization‘, ‘content-type‘, ‘dnt‘, ‘origin‘, ‘user-agent‘, ‘x-csrftoken‘, ‘x-requested-with‘, ‘Pragma‘, )
原文:https://www.cnblogs.com/yuzhen0228/p/12015891.html