1👍
Using CORS headers you can restrict which clients are allowed to make requests and which methods are allowed.
Access-Control-Allow-Origin: http://siteA.com
Access-Control-Allow-Methods: GET, POST, PUT
there are other headers too, Google it 🙂
Alternatively, is Angular running on Apache or Node or something? If so, then you could make the request to the same domain such as http://yourangulardomain.com/api/request/that/i/want/to/go/to/my/django/server
and then put a rewrite rule in your Apache/Node config to rewrite the request. This will circumvent the cross origin problem.
A similar rewrite rule used on Node (which serves Angular) using the npm module connect-modrewrite (which is based heavily on Apache rewrite rules) is …
middleware: [
rewrite([
'^/api/(.*)$ http://10.20.1.20:9100/$1 [P]',
'^[^\\.]*$ /index.html [L]'
])
]
This basically sends requests containing /api in the URL to a diff server but routes everything else to index.html
Not sure why this doesn’t interfere with requests for CSS files and the like though!!
Hope that helps steer you anyway 🙂