Set up different CORS rules based on the endpoint in Django

Question

I'm trying to figure out a way to have different CORS rules based on the backend endpoint frontend would hit.
So I can have
/api endpoint with a CORS domain whitelist and
/public-api without a CORS domain whitelist.
This is needed because I have both internal endpoints I use for my own frontend, and a public JS widget that can be installed in any 3rd party domain.
I've looked at django-cors-headers library, but it's regex configuration
CORS_ORIGIN_REGEX_WHITELIST = []

works to let requests FROM a list of domains through.
In my case, I need to a way to have a regex (or another method) to let requests TO my endpoints through or not.

Olzhas Arystanov · Accepted Answer

django-cors-headers allows you to specify a custom handler function that will check if the request should be allowed. In your case you can use something like this:
# myapp/handlers.py
from corsheaders.signals import check_request_enabled

def cors_allow_particular_urls(sender, request, **kwargs):
    return request.path.startswith('/public-api/')

check_request_enabled.connect(cors_allow_mysites)

handlers.py needs to be loaded in app config:
# myapp/__init__.py

default_app_config = 'myapp.apps.MyAppConfig'

# myapp/apps.py

from django.apps import AppConfig

class MyAppConfig(AppConfig):
    name = 'myapp'

def ready(self):
        # Makes sure all signal handlers are connected
        from myapp import handlers  # noqa

More info here: https://github.com/adamchainz/django-cors-headers#signals

anilkumarggk · Answer

If you can club your private URLs under a separate prefix (ex: /private/<something>) you can use CORS_URLS_REGEX=r'^/private/.*$'
You can read more about it here:
https://github.com/adamchainz/django-cors-headers#cors_urls_regex

Set up different CORS rules based on the endpoint in Django

2 Answers

Add your own answers!

Related Questions

Substring instead of Left

Can I use the parameter in the function and echo it out in the if statement below

R: Multi-type Point Pattern scan.test

Why is javac -source 1.5 allowing @Override on interface methods?

if else statements returning else value even when they should return if value?

Pandas: filter rows with loc on anonymous dataframe

Randomizing list of lists without overlap

React – Get the value of an input by clicking on a button

Why are the spacings in the decipher incorrect?

PersistentObjectException: detached entity passed to persist [JpaRepository]

Laravel + Livewire: How to fix Pagination Elements Get method error

Lottie animation has large padding. How to resize the animation to the view, by removing the padding

How to play more than one stream at once using soundio?

Units and Measurements in Swift

Why is getter and setter not working for one class in my code, but works for the other ones

Scheme: Iterative process to reconstruct a list in original order?

Count files in directory (python)

Find common alphabets in multiple dictionaries – python

How to set the “Resource root URL” in Jenkins

Write Pandas DataFrame to chronologic excel sheet

Ask a Question