
Django Allowed Hosts

I want only my front.domain.com to access the Django API, so I updated my settings.py. When I deployed, I can still access the Django API via curl and Postman, so I'm confused. Is there anything I'm missing?

settings.py

DEBUG = False  # deployment

if DEBUG:
    FRONT_OFFICE_URL = 'http://127.0.0.1:4200/'
    ALLOWED_HOSTS = ['*']  # development
    CORS_ORIGIN_ALLOW_ALL = True  # development
else:
    FRONT_OFFICE_URL = 'https://front.domaine.com'
    # Note: ALLOWED_HOSTS is matched against the request's Host header and
    # expects bare hostnames (no scheme), so a full URL here never matches.
    ALLOWED_HOSTS = [FRONT_OFFICE_URL]  # deployment
    CORS_ORIGIN_WHITELIST = [FRONT_OFFICE_URL]
    CSRF_TRUSTED_ORIGINS = [FRONT_OFFICE_URL]

INSTALLED_APPS = [
    ...
    'corsheaders',
]

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    ...
]

CORS prevents browsers from accessing resources on other domains. But any other HTTP request will not be blocked by CORS. If you need to block requests where the Referer is not your domain, you can write some middleware to do that, but beware that it can easily be faked - Postman and curl both let you set the Referer header to any value.

If you need to secure requests to the API in Django, setting up CSRF protection is the way to go.
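Added illustration (not from the question or the answer, and not Django's own code): a plain-Python re-implementation of the rule Django applies to ALLOWED_HOSTS, showing why a value with a scheme never matches a Host header, alongside the kind of Referer check the answer warns is only a header comparison. The hostname api.domaine.com and the request dictionaries are constructed for the example.

```python
"""Two points from the thread, demonstrated without Django installed:
1. ALLOWED_HOSTS is compared with the request's Host header (hostname only),
   so 'https://front.domaine.com' can never match any real Host value.
2. A Referer filter only inspects a header string, which any non-browser
   client (curl, Postman) controls, so it is not an access control.
"""
import re

# Constructed settings mirroring the question; api.domaine.com is hypothetical.
BAD_ALLOWED_HOSTS = ["https://front.domaine.com"]        # URL with scheme, as posted
GOOD_ALLOWED_HOSTS = ["api.domaine.com", ".domaine.com"]  # hostnames / subdomain pattern

# Shape of a valid Host header: hostname or bracketed IPv6, optional port.
_HOST_RE = re.compile(r"^([a-z0-9.\-]+|\[[a-f0-9:.]+\])(:\d+)?$")


def host_allowed(host_header: str, allowed_hosts: list[str]) -> bool:
    """Approximation of Django's ALLOWED_HOSTS matching (illustrative, not the
    framework's code): strip the port, lower-case, drop a trailing dot, then
    accept '*', an exact match, or a leading-dot pattern covering subdomains."""
    m = _HOST_RE.match(host_header.lower())
    if not m:
        return False  # malformed Host header is rejected outright
    host = m.group(1).rstrip(".")
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*" or pattern == host:
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False


def referer_check(headers: dict, trusted_origin: str) -> bool:
    """The Referer-based filter the answer mentions: a plain string comparison
    on a client-supplied header, so it only distinguishes cooperative clients."""
    return headers.get("Referer", "").startswith(trusted_origin)


# Constructed requests: one as a browser would send it, one sent by a CLI client.
browser_req = {"Host": "api.domaine.com", "Referer": "https://front.domaine.com/app"}
cli_req = {"Host": "api.domaine.com", "Referer": "https://front.domaine.com/"}

if __name__ == "__main__":
    print(host_allowed("api.domaine.com", BAD_ALLOWED_HOSTS))      # False: scheme never matches
    print(host_allowed("api.domaine.com:443", GOOD_ALLOWED_HOSTS))  # True: port is stripped
    print(referer_check(cli_req, "https://front.domaine.com"))     # True: header is client-chosen
```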
