💻
Bookstores
  • Tech Stacks
  • Django
    • Django REST framework
    • Serializer validation
    • Form validation in view class
  • Use Open API data model
  • Server Side react javascript
  • React context and redux difference
  • Migrate state management from Redux to Jotai
  • Migrate from REST to GraphQL
  • Migrate from REST to gRPC
  • How to handle cross origin?
Powered by GitBook
On this page
  • Why do we do that?
  • REST
  • GraphQL
  • gRPC

Was this helpful?

How to handle cross origin?

PreviousMigrate from REST to gRPC

Last updated 4 years ago

Was this helpful?

Why do we do that?

Browser will poke cross site server with OPTIONS method to determine the access right.

  • If browser don't see the right header, then it won't take the data.

  • If server side don't handle OPTIONS method correctly, a server side exception may be raised.

REST

  • Repository :

  • To handle corss site origin request and response, implement middleware corsapp.middleware.CorsMiddleware

    class CorsMiddleware(object):
    
        def __init__(self, get_response):
            self.get_response = get_response
    
        def __call__(self, request):
            response = self.get_response(request)
            response["Access-Control-Allow-Origin"] = "*"
            response["Access-Control-Allow-Headers"] = "*"
            response["Access-Control-Allow-Methods"] = "*"
    
            return response

    And adjust settings in bookstore_openapi.settings.py

      MIDDLEWARE = [
          ...
          'corsapp.middleware.CorsMiddleware',
      ]
  • To bypass cross origin, 3 access control attributes were added to response.

GraphQL

  • To handle corss site origin request and response, implement middleware corsapp.middleware.CorsMiddleware

      class CorsMiddleware(object):
    
          def __init__(self, get_response):
              self.get_response = get_response
    
          def __call__(self, request):
              is_graphQL = True if request.path == "/graphql/" else False
              is_method_options = True if request.method == "OPTIONS" else False
              if is_graphQL and is_method_options:
                  response = HttpResponse("")
                  response["Access-Control-Allow-Origin"] = "*"
                  response["Access-Control-Allow-Headers"] = "*"
                  response["Access-Control-Allow-Methods"] = "*"
                  return response
    
              response = self.get_response(request)
              if is_graphQL:
                  response["Access-Control-Allow-Origin"] = "*"
                  response["Access-Control-Allow-Headers"] = "*"
                  response["Access-Control-Allow-Methods"] = "*"
    
              return response

    And adjust settings in bookstore_graphql.settings.py

      MIDDLEWARE = [
          ...
          'corsapp.middleware.CorsMiddleware',
      ]
  • To bypass cross origin, 3 access control attributes were added to response.

gRPC

  • It's handled by proxy Envoy.

    ...
    cors:
      allow_origin_string_match:
        - prefix: "*"
      allow_methods: GET, PUT, DELETE, POST, OPTIONS
      allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
      max_age: "1728000"
      expose_headers: custom-header-1,grpc-status,grpc-message
    ...

Repository :

File :

https://github.com/ccapeng/bookstore_openapi
https://github.com/ccapeng/bookstore_graphQL
envoy-bookstore-grpc.yaml