When a page served from site A requests content from another site B, the request is called a cross-origin request. Browsers block scripts from reading the responses to such requests by default for security reasons; to permit it, B sends an Access-Control-Allow-Origin header in the response. So, by default, a domain is not allowed to access an API hosted on another domain. If we want to allow our REST API (say, the backend) hosted in our Django application to be accessed from other applications (say, a front-end) hosted on another server, we must enable CORS (Cross-Origin Resource Sharing).
Steps to allow CORS in your Django project:
1. Install django-cors-headers using pip:
pip install django-cors-headers
2. Add corsheaders to the INSTALLED_APPS list in the settings.py file:
INSTALLED_APPS = [
    ...
    'corsheaders',
    ...
]
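3. Add corsheaders.middleware.CorsMiddleware to the MIDDLEWARE list in the settings.py file. Place it as high as possible, before any middleware that can generate a response (such as CommonMiddleware), otherwise those responses are sent without the CORS headers:
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    # Must come before middleware that can generate responses.
    'corsheaders.middleware.CorsMiddleware',
    ...
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]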
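4. If you want to allow access for all domains, set the following variable to True in the settings.py file. This lets a script on any website read the API's responses, so it suits public APIs and local development:
CORS_ORIGIN_ALLOW_ALL = True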
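Alternatively, you can specify which domains you want to give access to by setting the following in the settings.py file. Each entry is a full origin: scheme, host and port, with no trailing slash or path. (Newer releases of django-cors-headers name these settings CORS_ALLOW_ALL_ORIGINS and CORS_ALLOWED_ORIGINS and keep the names used here as aliases.)
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = (
    'http://localhost:8000',
)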
That’s all! Now your API is accessible to other applications hosted on other selected servers.
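An added example, not part of the original article and not django-cors-headers' own code: a simplified model of how a server applies the two settings above to a request's Origin header, and how the browser then decides whether the calling script may read the response. The function names and sample origins are constructed for illustration.

```python
from urllib.parse import urlsplit

# Settings as in the steps above; the whitelist entry is the page's own value.
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = ("http://localhost:8000",)


def invalid_whitelist_entries(whitelist):
    """Entries that can never match: an Origin is scheme://host[:port] only."""
    bad = []
    for entry in whitelist:
        p = urlsplit(entry)
        if not (p.scheme and p.netloc) or p.path or p.query or p.fragment:
            bad.append(entry)
    return bad


def cors_headers(origin, allow_all=CORS_ORIGIN_ALLOW_ALL,
                 whitelist=CORS_ORIGIN_WHITELIST):
    """Server side: headers added for the request's Origin header value."""
    if not origin:
        return {}  # no Origin header: not a cross-origin browser request
    if allow_all:
        return {"Access-Control-Allow-Origin": "*"}
    if origin in whitelist:  # exact match on scheme, host and port
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}


def browser_allows_read(origin, **settings):
    """Browser side: may a script running on `origin` read the response?"""
    allowed = cors_headers(origin, **settings).get("Access-Control-Allow-Origin")
    return allowed is not None and allowed in ("*", origin)


# Constructed sample origins (hypothetical front-ends calling the API).
SAMPLES = [
    "http://localhost:8000",               # listed
    "https://localhost:8000",              # different scheme
    "http://localhost:3000",               # different port
    "http://localhost:8000.evil.example",  # look-alike host
    "null",                                # e.g. sandboxed iframe
]

if __name__ == "__main__":
    print("unusable entries:", invalid_whitelist_entries(
        ("localhost:8000", "http://localhost:8000/") + CORS_ORIGIN_WHITELIST))
    for o in SAMPLES:
        print(f"{o:36} whitelist={browser_allows_read(o)!s:5} "
              f"allow_all={browser_allows_read(o, allow_all=True)}")
```

With the whitelist, only the exact listed origin is allowed to read the response; with allow-all, every sample origin is, including "null".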