adamchainz / django-cors-headers

Django app for handling the server headers required for Cross-Origin Resource Sharing (CORS)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

callback/dynamically requested whitelist

nerdoc opened this issue · comments

Description

Hi Adam, thanks for that great library.

ATM it's only possible to have a restricted whitelist of domains that are allowed, placed in settings.py as quasi-constant. It's only parsed once at Django server start, fire and forget.
My application is a bit dynamic, os it can add sites using Django's Sites framework, and use them for tenants. I am using some Js magic with Django-Unicorn, so many Js/AJAX calls are fired from the frontend. Subdomains using django-hosts - quite a fresh mix...
Everything works, just Unicorn does not, cause it relies on SameOrigin. django-cors-headers would be a cool addition to that, but I really don't know what domains are added later by using the UI. So i'd like to determine that in runtime.

Do you see a benefit /possibility in checking that "whitelist" domains during runtime, by a callback function that returns that list?

There's a signal for this purpose already: https://github.com/adamchainz/django-cors-headers#signals

Have you tried using that?

Ah, that's great. Missed it. Thanks for the quick response & Happy Easter!