callback/dynamically requested whitelist
nerdoc opened this issue · comments
Description
Hi Adam, thanks for that great library.
ATM it's only possible to have a restricted whitelist of domains that are allowed, placed in settings.py as quasi-constant. It's only parsed once at Django server start, fire and forget.
My application is a bit dynamic, os it can add sites using Django's Sites
framework, and use them for tenants. I am using some Js magic with Django-Unicorn, so many Js/AJAX calls are fired from the frontend. Subdomains using django-hosts
- quite a fresh mix...
Everything works, just Unicorn does not, cause it relies on SameOrigin. django-cors-headers
would be a cool addition to that, but I really don't know what domains are added later by using the UI. So i'd like to determine that in runtime.
Do you see a benefit /possibility in checking that "whitelist" domains during runtime, by a callback function that returns that list?
There's a signal for this purpose already: https://github.com/adamchainz/django-cors-headers#signals
Have you tried using that?
Ah, that's great. Missed it. Thanks for the quick response & Happy Easter!