Cors middleware.

middleware.py

CORS_ALLOWED_ORIGINS = getattr(settings, 'CORS_ALLOWED_ORIGINS', '*')
CORS_ALLOWED_METHODS = getattr(settings, 'CORS_ALLOWED_METHODS',
                            ['POST', 'GET', 'OPTIONS', 'PUT', 'DELETE', 'PATCH'])
CORS_ALLOWED_HEADERS = getattr(settings, 'CORS_ALLOWED_HEADERS',
                            ['Content-Type', 'X-Requested-With',
                             'X-Session-Token', 'Accept-Encoding'])
CORS_ALLOWED_CREDENTIALS = getattr(settings, 'CORS_ALLOWED_CREDENTIALS',  True)


class CorsMiddleware(object):
    def _populate_response(self, response):
        response['Access-Control-Allow-Origin']  = CORS_ALLOWED_ORIGINS
        response['Access-Control-Allow-Methods'] = ",".join(CORS_ALLOWED_METHODS)
        response['Access-Control-Allow-Headers'] = ",".join(CORS_ALLOWED_HEADERS)

        if CORS_ALLOWED_CREDENTIALS:
            response['Access-Control-Allow-Credentials'] = 'true'

    def process_request(self, request):
        if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
            response = http.HttpResponse()
            self._populate_response(response)
            return response

        return None

    def process_response(self, request, response):
        self._populate_response(response)
        return response