Metadata-Version: 1.1
Name: django-cors-headers
Version: 1.2.0
Summary: django-cors-headers is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS).
Home-page: https://github.com/ottoyiu/django-cors-headers
Author: Otto Yiu
Author-email: otto@live.ca
License: MIT License
Description: django-cors-headers
        ===================
        
        A Django App that adds CORS (Cross-Origin Resource Sharing) headers to
        responses.
        
        Although JSON-P is useful, it is strictly limited to GET requests. CORS
        builds on top of ``XmlHttpRequest`` to allow developers to make cross-domain
        requests, similar to same-domain requests. Read more about it here:
        http://www.html5rocks.com/en/tutorials/cors/
        
        .. image:: https://travis-ci.org/ottoyiu/django-cors-headers.png?branch=master
           :target: https://travis-ci.org/ottoyiu/django-cors-headers
        
        
        Requirements
        ------------
        
        Tested with all combinations of:
        
        * Python: 2.7, 3.5
        * Django: 1.8, 1.9, 1.10
        
        Setup
        -----
        
        Install from **pip**:
        
        .. code-block:: sh
        
            pip install django-cors-headers
        
        and then add it to your installed apps:
        
        .. code-block:: python
        
            INSTALLED_APPS = (
                ...
                'corsheaders',
                ...
            )
        
        You will also need to add a middleware class to listen in on responses:
        
        .. code-block:: python
        
            MIDDLEWARE_CLASSES = [
                ...
                'corsheaders.middleware.CorsMiddleware',
                'django.middleware.common.CommonMiddleware',
                ...
            ]
        
        Note that ``CorsMiddleware`` needs to come before Django's
        ``CommonMiddleware`` if you are using Django's ``USE_ETAGS = True``
        setting, otherwise the CORS headers will be lost from 304 Not-Modified
        responses, causing errors in some browsers.
        
        Configuration
        -------------
        
        Configure the middleware's behaviour in your Django settings. You must add the
        hosts that are allowed to do cross-site requests to
        ``CORS_ORIGIN_WHITELIST``, or set ``CORS_ORIGIN_ALLOW_ALL`` to ``True``
        to allow all hosts.
        
        ``CORS_ORIGIN_ALLOW_ALL``
        ~~~~~~~~~~~~~~~~~~~~~~~~~
        If ``True``, the whitelist will not be used and all origins will be accepted.
        Defaults to ``False``.
        
        ``CORS_ORIGIN_WHITELIST``
        ~~~~~~~~~~~~~~~~~~~~~~~~~
        
        A list of origin hostnames that are authorized to make cross-site HTTP
        requests. Defaults to ``[]``.
        
        Example:
        
        .. code-block:: python
        
            CORS_ORIGIN_WHITELIST = (
                'google.com',
                'hostname.example.com',
                'localhost:8000',
                '127.0.0.1:9000'
            )
        
        ``CORS_ORIGIN_REGEX_WHITELIST``
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        
        A list of regexes that match origin regex list of origin hostnames that are
        authorized to make cross-site HTTP requests. Defaults to ``[]``. Useful when
        ``CORS_ORIGIN_WHITELIST`` is impractical, such as when you have a large
        number of subdomains.
        
        Example:
        
        .. code-block:: python
        
            CORS_ORIGIN_REGEX_WHITELIST = ('^(https?://)?(\w+\.)?google\.com$', )
        
        --------------
        
        The following are optional settings, for which the defaults probably suffice.
        
        ``CORS_URLS_REGEX``
        ~~~~~~~~~~~~~~~~~~~
        
        A regex which restricts the URL's for which the CORS headers will be sent.
        Defaults to ``r'^.*$'``, i.e. match all URL's. Useful when you only need CORS
        on a part of your site, e.g. an API at ``/api/``.
        
        Example:
        
        .. code-block:: python
        
            CORS_URLS_REGEX = r'^/api/.*$'
        
        ``CORS_ALLOW_METHODS``
        ~~~~~~~~~~~~~~~~~~~~~~
        
        A list of HTTP verbs that are allowed for the actual request. Defaults to:
        
        .. code-block:: python
        
            CORS_ALLOW_METHODS = [
                'GET',
                'POST',
                'PUT',
                'PATCH',
                'DELETE',
                'OPTIONS'
            ]
        
        ``CORS_ALLOW_HEADERS``
        ~~~~~~~~~~~~~~~~~~~~~~
        
        The list of non-standard HTTP headers that can be used when making the actual
        request. Defaults to:
        
        .. code-block:: python
        
            CORS_ALLOW_HEADERS = [
                'x-requested-with',
                'content-type',
                'accept',
                'origin',
                'authorization',
                'x-csrftoken',
                'user-agent',
                'accept-encoding',
            ]
        
        ``CORS_EXPOSE_HEADERS``
        ~~~~~~~~~~~~~~~~~~~~~~~
        
        The list of HTTP headers that are to be exposed to the browser. Defaults to
        ``[]``.
        
        
        ``CORS_PREFLIGHT_MAX_AGE``
        ~~~~~~~~~~~~~~~~~~~~~~~~~~
        
        The number of seconds a client/browser can cache the preflight response.
        Defaults to ``86400``.
        
        
        **Note:** A preflight request is an extra request that is made when making a
        "not-so-simple" request (e.g. ``Content-Type`` is not
        ``application/x-www-form-urlencoded``) to determine what requests the server
        actually accepts. Read more about it in the `HTML 5 Rocks CORS tutorial
        <https://www.html5rocks.com/en/tutorials/cors/>`_.
        
        ``CORS_ALLOW_CREDENTIALS``
        ~~~~~~~~~~~~~~~~~~~~~~~~~~
        
        If ``True``, cookies will be allowed to be included in cross-site HTTP
        requests. Defaults to ``False``.
        
        ``CORS_REPLACE_HTTPS_REFERER``
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        
        If ``True``, the ``HTTP_REFERER`` header will get replaced when CORS checks
        pass, so that the Django CSRF middleware checks work with HTTPS. Defaults to
        ``False``.
        
        **Note:** With this feature enabled, you also need to add
        ``corsheaders.middleware.CorsPostCsrfMiddleware`` after
        ``django.middleware.csrf.CsrfViewMiddleware`` in your ``MIDDLEWARE_CLASSES`` to
        undo the header replacement.
        
        Credits
        -------
        
        ``django-cors-headers`` was created by Otto Yiu (`@ottoyiu
        <https://github.com/ottoyiu>`_) and has been worked on by `25+ contributors
        <https://github.com/ottoyiu/django-cors-headers/graphs/contributors>`_.
        Thanks to every contributor, and if you want to get involved please don't
        hesitate to make a pull request.
        
        
        History
        =======
        
        Pending
        -------
        
        * New release notes go here.
        
        1.2.0 (2016-09-28)
        ------------------
        
        * Drop Python 2.6 support.
        * Drop Django 1.3-1.7 support, as they are no longer supported.
        * Confirmed Django 1.9 support (no changes outside of tests were necessary).
        * Added Django 1.10 support.
        * Package as a universal wheel.
        
        1.1.0 (2014-12-15)
        ------------------
        
        * django-cors-header now supports Django 1.8 with its new application loading
          system! Thanks @jpadilla for making this possible and sorry for the delay in
          making a release.
        
        1.0.0 (2014-12-13)
        ------------------
        
        django-cors-headers is all grown-up :) Since it's been used in production for
        many many deployments, I think it's time we mark this as a stable release.
        
        * Switching this middleware versioning over to semantic versioning
        * #46 add user-agent and accept-encoding default headers
        * #45 pep-8 this big boy up
        
        0.13 (2014-08-14)
        -----------------
        
        * Add support for Python 3
        * Updated tests
        * Improved docuemntation
        * Small bugfixes
        
        0.12 (2013-09-24)
        -----------------
        
        * Added an option to selectively enable CORS only for specific URLs
        
        0.11 (2013-09-24)
        
        * Added the ability to specify a regex for whitelisting many origin hostnames
          at once
        
        0.10 (2013-09-05)
        -----------------
        
        * Introduced port distinction for origin checking
        * Use ``urlparse`` for Python 3 support
        * Added testcases to project
        
        0.06 (2013-02-18)
        -----------------
        
        * Add support for exposed response headers
        
        0.05 (2013-01-26)
        -----------------
        
        * Fixed middleware to ensure correct response for CORS preflight requests
        
        0.04 (2013-01-25)
        -----------------
        
        * Add ``Access-Control-Allow-Credentials`` control to simple requests
        
        0.03 (2013-01-22)
        -----------------
        
        * Bugfix to repair mismatched default variable names
        
        0.02 (2013-01-19)
        -----------------
        
        * Refactor/pull defaults into separate file
        
        0.01 (2013-01-19)
        -----------------
        
        * Initial release
        
Keywords: django cors middleware rest api
Platform: any
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Framework :: Django :: 1.8
Classifier: Framework :: Django :: 1.9
Classifier: Framework :: Django :: 1.10
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.5
Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
Classifier: Topic :: Software Development :: Libraries :: Python Modules
