How to enable CORS in Python Django REST framework?


In Django, a popular web framework for Python, and Django REST framework (DRF), a powerful toolkit for building APIs, you can enable Cross-Origin Resource Sharing (CORS) to allow cross-origin requests from web browsers. Browsers enforce the same-origin policy, which stops a web page from reading responses to requests it makes to a different origin than the one that served the page; CORS is the mechanism by which a server tells the browser which other origins are allowed to do so. Here’s an example of how you can enable CORS in Django REST framework:

  1. Install the django-cors-headers library using pip:
pip install django-cors-headers
  2. Add 'corsheaders' to the INSTALLED_APPS setting in your Django project’s settings.py file:
INSTALLED_APPS = [
    # ...
    'corsheaders',
    # ...
]
  3. Add the 'corsheaders.middleware.CorsMiddleware' middleware to the MIDDLEWARE setting in your Django project’s settings.py file:
MIDDLEWARE = [
    # ...
    # Place this as high as possible, before any middleware that can
    # generate a response (such as Django's CommonMiddleware); otherwise
    # those responses go out without CORS headers.
    'corsheaders.middleware.CorsMiddleware',
    # ...
]
  4. Configure CORS settings in your Django project’s settings.py file. For example:
CORS_ORIGIN_ALLOW_ALL = True

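With CORS_ORIGIN_ALLOW_ALL set to True, any origin can access your Django REST framework APIs. That is convenient during development, but for an API that serves user data it is safer to list only the origins you trust. You can restrict origins and configure other CORS-related settings, such as CORS_ALLOW_CREDENTIALS, CORS_ALLOW_METHODS, CORS_ALLOW_HEADERS, and others, based on your specific requirements. Newer releases of django-cors-headers name the origin settings CORS_ALLOW_ALL_ORIGINS and CORS_ALLOWED_ORIGINS; the older names used here are still accepted as aliases. Here’s an example: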

CORS_ORIGIN_WHITELIST = (
    'http://example.com',
    'http://localhost:3000',
)

CORS_ALLOW_METHODS = (
    'GET',
    'POST',
    'PUT',
    'PATCH',
    'DELETE',
    'OPTIONS'
)

CORS_ALLOW_HEADERS = (
    'Content-Type',
    'Authorization',
    # Add other custom headers here
)

CORS_ALLOW_CREDENTIALS = True

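In this example, the CORS_ORIGIN_WHITELIST setting specifies a list of allowed origins. Each entry is a scheme plus host (and port if needed), with no path or trailing slash. The CORS_ALLOW_METHODS setting specifies the allowed HTTP methods for cross-origin requests. The CORS_ALLOW_HEADERS setting specifies the allowed request headers for cross-origin requests. The CORS_ALLOW_CREDENTIALS setting is set to True, which allows sending credentials (such as cookies) with cross-origin requests. Avoid combining CORS_ALLOW_CREDENTIALS = True with CORS_ORIGIN_ALLOW_ALL = True: together they could let any website make requests to your API with the user's cookies and read the responses. You can customize these options based on your specific requirements.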

After enabling CORS in Django REST framework, your APIs should be able to accept cross-origin requests from the specified origins, methods, and headers, as configured in your settings.
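A small pre-deployment check for the settings discussed above, as an added example that is not part of the original article or of django-cors-headers. The helper name `audit_cors`, the sample dictionaries and the severity labels are assumptions made for illustration; it covers both the setting names used on this page and their newer aliases.

```python
from urllib.parse import urlsplit

# Setting names from this page plus their newer django-cors-headers aliases.
ALLOW_ALL_KEYS = ("CORS_ORIGIN_ALLOW_ALL", "CORS_ALLOW_ALL_ORIGINS")
ORIGIN_LIST_KEYS = ("CORS_ORIGIN_WHITELIST", "CORS_ALLOWED_ORIGINS")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_cors(settings):
    """Hypothetical helper: return (severity, message) findings for a settings dict.

    Severities are this example's own judgement, not the library's.
    """
    findings = []
    allow_all = any(settings.get(k) for k in ALLOW_ALL_KEYS)
    credentials = bool(settings.get("CORS_ALLOW_CREDENTIALS"))
    origins = [o for k in ORIGIN_LIST_KEYS for o in settings.get(k, ())]

    if allow_all and credentials:
        findings.append(("high", "all origins allowed together with credentials"))
    elif allow_all:
        findings.append(("medium", "all origins allowed"))
    if allow_all and origins:
        findings.append(("info", "origin list has no effect while allow-all is on"))

    for origin in origins:
        parts = urlsplit(origin)
        if origin == "null":
            findings.append(("high", "'null' origin is allowed"))
        elif not parts.scheme or not parts.netloc:
            findings.append(("high", f"{origin!r} lacks a scheme or host"))
        elif parts.path or parts.query or parts.fragment:
            findings.append(("medium", f"{origin!r} has a path, so no Origin header matches it"))
        elif parts.scheme == "http" and parts.hostname not in LOCAL_HOSTS and credentials:
            findings.append(("medium", f"{origin!r} is plain HTTP while credentials are allowed"))
    return findings


# Constructed sample settings (the second mirrors the origin list shown above).
WEAK = {"CORS_ORIGIN_ALLOW_ALL": True, "CORS_ALLOW_CREDENTIALS": True}
PAGE_LIST = {"CORS_ORIGIN_WHITELIST": ("http://example.com", "http://localhost:3000"),
             "CORS_ALLOW_CREDENTIALS": True}
HARDENED = {"CORS_ORIGIN_WHITELIST": ("https://example.com", "http://localhost:3000"),
            "CORS_ALLOW_CREDENTIALS": True}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("PAGE_LIST", PAGE_LIST), ("HARDENED", HARDENED)):
        print(name, audit_cors(cfg) or "no findings")
```

Run it in CI against the values from your settings.py and fail the build on any "high" finding.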
