Cross Origin Resource Sharing¶
CORS support is disabled by default because it’s a browser-specific feature, and Shiva doesn’t assume that the clients are browsers.
To enable CORS you have to set the following in your local.py file:
CORS_ENABLED = True
Now Shiva will add the following header to each response:
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Accept, Content-Type, Origin, X-Requested-With
If you want to limit it to a single origin, then define a tuple with the accepted domains:
CORS_ALLOWED_ORIGINS = ('napster.com', 'slsknet.org')
Or simply a string:
CORS_ALLOWED_ORIGINS = 'napster.com'
When a domain (or a tuple of domains) is defined, Shiva will check the request against it. If they match, a header is added:
Access-Control-Allow-Origin: http://napster.com