This is all documented for example in Mozilla Developer Network so I’m not going to duplicate the instructions for setting appropriate headers here.
Now, fast forward to the Python part. Below is a simple Python decorator that can be used for example with Django to allow the cross-domain requests to your application. Before you use this for anything real, take a look at the access-control headers it is setting and compare those with the documentation.
The decorator is meant to be used on your view function that takes a request in and returns a response. For the OPTIONS method the decorator does not call the actual function at all. Instead it just sets the access control headers to the response and returns. For the actual GET/POST the decorator first calls the function and then adds the access-control headers.
@HttpOptionsDecorator def retrieve_rate(request, currency): # do something return HttpResponse(....)
def set_access_control_headers(response): response['Access-Control-Allow-Origin'] = '*' response['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS' response['Access-Control-Max-Age'] = 1000 response['Access-Control-Allow-Headers'] = '*' class HttpOptionsDecorator(object): def __init__(self, f): self.f = f; def __call__(self, *args): logging.info("Call decorator") request = args if request.method == "OPTIONS": response = HttpResponse() set_access_control_headers(response) return response else: response = self.f(*args) set_access_control_headers(response) return response