Skip to content
Related Articles

Related Articles

How to enable CORS headers in your Django Project?

Improve Article
Save Article
  • Difficulty Level : Medium
  • Last Updated : 26 Nov, 2020
Improve Article
Save Article

When site A wants to access content from another site B, it is called a Cross-Origin request. As it is disabled for security reasons, B sends an Access-Control-Allow-Origin header in the response. By default, a domain is not allowed to access an API hosted on another domain.  If we want to allow our REST API (say backend) hosted in our Django application to be accessed from other applications (say front-end) hosted on another server, we must enable CORS (Cross-Origin Resource Sharing).

Steps to allow CORS in your Django  Project – 

1. Install django-cors-headers using PIP:

pip install django-cors-headers 

2. Add corsheaders to installed applications section in the settings.py file:

INSTALLED_APPS = [

   ...

   'corsheaders',

   ...

]

3. Add corsheaders.middleware.CorsMiddleware to middleware section in settings.py file:

MIDDLEWARE = [
  'django.middleware.security.SecurityMiddleware',
  ...
  'django.middleware.clickjacking.XFrameOptionsMiddleware',
  'corsheaders.middleware.CorsMiddleware',
]

4. If you want to allow access for all domains, set the following variable to TRUE in settings.py file:

CORS_ORIGIN_ALLOW_ALL = True

Alternatively, you can specify which domains you want to give access to by doing the following in settings.py file:

CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = (
  'http://localhost:8000',
)

That’s all! Now your API is accessible to other applications hosted on other selected servers.

My Personal Notes arrow_drop_up
Related Articles

Start Your Coding Journey Now!