我正在尝试使用django-cors-headers 2.0.2来仅允许来自某些网站的api请求,因为当前所有内容都可以使用。 我开始尝试阻止所有事情,但我无法解决这个问题,而且我仍然能够从任何地方提出请求。 我的设置文件:
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'corsheaders',
'rest_framework',
'django_extensions',
)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django_otp.middleware.OTPMiddleware',
'admin_ip_whitelist.middleware.AdminAccessIPWhiteListMiddleware'
)
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = ('my.website.domain',)
我错过了什么吗?