Skip to content
Related Articles

Related Articles

Improve Article

How to enable CORS headers in your Django Project?

  • Difficulty Level : Medium
  • Last Updated : 26 Nov, 2020

When site A wants to access content from another site B, it is called a Cross-Origin request. As it is disabled for security reasons, B sends an Access-Control-Allow-Origin header in the response. By default, a domain is not allowed to access an API hosted on another domain.  If we want to allow our REST API (say backend) hosted in our Django application to be accessed from other applications (say front-end) hosted on another server, we must enable CORS (Cross-Origin Resource Sharing).

Steps to allow CORS in your Django  Project – 

1. Install django-cors-headers using PIP:

pip install django-cors-headers 

2. Add corsheaders to installed applications section in the settings.py file:

INSTALLED_APPS = [

   ...

   'corsheaders',

   ...

]



3. Add corsheaders.middleware.CorsMiddleware to middleware section in settings.py file:

MIDDLEWARE = [
  'django.middleware.security.SecurityMiddleware',
  ...
  'django.middleware.clickjacking.XFrameOptionsMiddleware',
  'corsheaders.middleware.CorsMiddleware',
]

4. If you want to allow access for all domains, set the following variable to TRUE in settings.py file:

CORS_ORIGIN_ALLOW_ALL = True

Alternatively, you can specify which domains you want to give access to by doing the following in settings.py file:

CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = (
  'http://localhost:8000',
)

That’s all! Now your API is accessible to other applications hosted on other selected servers.

 Attention geek! Strengthen your foundations with the Python Programming Foundation Course and learn the basics.  

To begin with, your interview preparations Enhance your Data Structures concepts with the Python DS Course. And to begin with your Machine Learning Journey, join the Machine Learning – Basic Level Course

My Personal Notes arrow_drop_up
Recommended Articles
Page :