
How to enable CORS headers in your Django Project?


When site A wants to access content from another site B, the request is called a cross-origin request. For security reasons, browsers do not let scripts on A read such responses unless B opts in by sending an Access-Control-Allow-Origin header in its response. So by default, a domain is not allowed to access an API hosted on another domain. If we want our REST API (the backend) hosted in our Django application to be accessible from other applications (say, a front-end) hosted on another server, we must enable CORS (Cross-Origin Resource Sharing).

Steps to allow CORS in your Django project:

1. Install django-cors-headers using pip:

pip install django-cors-headers 

2. Add corsheaders to the INSTALLED_APPS list in the settings.py file:

INSTALLED_APPS = [
   ...
   'corsheaders',
   ...
]

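3. Add corsheaders.middleware.CorsMiddleware to the MIDDLEWARE list in the settings.py file. Place it as high as possible, before any middleware that can generate a response (such as CommonMiddleware); otherwise those responses go out without the CORS headers:

MIDDLEWARE = [
  'django.middleware.security.SecurityMiddleware',
  # Keep CorsMiddleware above middleware that can generate responses
  'corsheaders.middleware.CorsMiddleware',
  ...
  'django.middleware.clickjacking.XFrameOptionsMiddleware',
]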

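4. If you want to allow access for all domains, set the following variable to True in the settings.py file. With this setting, scripts on any website can read your API's responses, so it fits public APIs and local development rather than APIs that serve private data: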

CORS_ORIGIN_ALLOW_ALL = True

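Alternatively, you can specify which origins get access by listing them in the settings.py file. Each entry is an origin (scheme, host and port) and is matched exactly. Recent django-cors-headers releases name these settings CORS_ALLOW_ALL_ORIGINS and CORS_ALLOWED_ORIGINS; the names used here still work as aliases: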

CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = (
  'http://localhost:8000',
)
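To see what the whitelist from step 4 does and does not match, here is an added example (not part of the original article and not django-cors-headers' own code). It is a simplified standard-library model that ignores credentials and regex settings; the function names and the two bad entries are constructed for illustration.

```python
from urllib.parse import urlsplit

# Settings as in step 4, plus two constructed bad entries for illustration.
SETTINGS = {
    "CORS_ORIGIN_ALLOW_ALL": False,
    "CORS_ORIGIN_WHITELIST": (
        "http://localhost:8000",
        "http://localhost:8000/",  # constructed: trailing slash
        "localhost:3000",          # constructed: no scheme
    ),
}

def origin_entry_problems(entry):
    """Return the problems with one allowlist entry (empty list means OK)."""
    parts = urlsplit(entry)
    problems = []
    if not parts.scheme or not parts.netloc:
        problems.append("missing scheme or host")
    if parts.path or parts.query or parts.fragment:
        problems.append("an origin is scheme://host[:port], nothing after it")
    return problems

def audit_cors_settings(settings):
    """List findings for the two settings this page configures."""
    findings = []
    if settings.get("CORS_ORIGIN_ALLOW_ALL"):
        findings.append("CORS_ORIGIN_ALLOW_ALL: every origin can read responses")
    for entry in settings.get("CORS_ORIGIN_WHITELIST", ()):
        findings += [f"{entry!r}: {p}" for p in origin_entry_problems(entry)]
    return findings

def allow_origin_header(request_origin, settings):
    """Simplified model: Access-Control-Allow-Origin value, or None if omitted."""
    if not request_origin:
        return None  # no Origin header, so not a cross-origin browser request
    if settings.get("CORS_ORIGIN_ALLOW_ALL"):
        return "*"
    if request_origin in settings.get("CORS_ORIGIN_WHITELIST", ()):
        return request_origin  # exact string match on scheme, host and port
    return None

if __name__ == "__main__":
    for finding in audit_cors_settings(SETTINGS):
        print("finding:", finding)
    for origin in ("http://localhost:8000", "https://localhost:8000",
                   "http://localhost:3000"):
        print(origin, "->", allow_origin_header(origin, SETTINGS))
```

A front-end served from a different port or over https is a different origin, so it needs its own whitelist entry.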

That’s all! Your API is now accessible to applications served from the origins you selected.


Last Updated : 26 Nov, 2020