I've read about getting around the same origin policy when sending POST requests here and here and feel like I have a decent understanding of how the dynamic works. Modern browsers support it by setting Access-Allow-Control-Origin on the receiving server, and all browsers work by submitting the request through an iframe.
My question is two fold:
1. Is there a way to dynamically set the origin allowed so that you don't have to set Access-Allow-Control-Origin: *. More precisely is there a way to do it with a particular view or set of views in django. ( I know there is this gist which is usable as a middleware, but there doesn't seem to be a way to set the origin you are allowing on the fly.
2.Is there a wrapper you can use that has the deprecation built in? In other words it will try to use Access-Allow-Control-Origin and if the browser doesn't support it it will use an iframe instead.
No comments:
Post a Comment