CORS is a mechanism that allows resource like JS, CSS, etc. on a web page to be requested from another time. Almost every website will have the **same-origin policy **meaning that those resources can be accessed ONLY from their domain name.
Let’s talk about a loosely coupled web app scenario.
So when we try to make AJAX call from our front end it’ll usually through a CORS error. We can use Chrome extension like Allow-Control-Allow-Origin: * to bypass that CORS same origin policy.
But in a production environment, we need to ALLOW our frontend domain address.
In Django, we can easily to it in just 4 steps
Install the django-cors-headers
pip install django-cors-headers
Then add it to your installed apps. Basically, open the settings.py of your app and you will find **INSTALLED_APPS **array. Just add corsheaders in it just like this
INSTALLED_APPS = ( ... 'corsheaders', ... )
Just like INSTALLEDAPP you need to add it in **MIDDLEWARECLASSES**
MIDDLEWARE_CLASSES = ( ... 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', ... )
Make sure to place it before Django’s CommonMiddleware
Now we are going to configure CORS policy of the app.
CORS_ORIGIN_ALLOW_ALL = False CORS_ORIGIN_WHITELIST = ( 'www.example.com', 'example.com' )
That’s all… You can now access resource from your backend.