Skip to content

keithio/django-xsxhr

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
static
static
 
 
xsxhr
xsxhr
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation

django-xsxhr

Enables cross domain XmlHttpRequests.

Usage

  1. Add xsxhr to your Python path.

  2. Edit your settings.py file to include the following line in your MIDDLEWARE_CLASSES:

    'xsxhr.middleware.XsXhrMiddleware',

Reference

The following are specified anywhere in your settings.py. If you have different settings for production and development use, you may specify accordingly.

XS_XHR_ORIGINS: domains allowed to access via cross-site XHR. Defaults to [].

XS_XHR_METHODS: methods that may be executed via XHR. Defaults to ['POST', 'GET', 'OPTIONS', 'PUT', 'DELETE'].

XS_XHR_ALLOWCT: allow the specification of the Content-Type via XHR. Defaults to True.

###Usage:

XS_XHR_ORIGINS = [
    'http://assets.mysite.com',
    'http://localhost:3000'  # Allows specification of ports
]

XS_XHR_METHODS = ['GET', 'OPTIONS']  # Specifies read-only access

XS_XHR_ALLOWCT = False  # Do not allow request to specify Content-Type header

####Danger!

You have the option to specify a wildcard * for the XS_XHR_ORIGINS variable. Doing so will leave which ever resources you have available open. It is recommended that you only do so when you limit the XS_XHR_METHODS as shown above.

##Notes on CSRF:

The Django docs also provide a JavaScript to enable sending XmlHttpRequests to submit form data. I have included csrf.js for jQuery 1.5+.

From Django Docs

Bitdeli Badge

About

Enables cross domain ajax requests

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages