
Developing REST API with Python Django

Do you want to build a REST API in Python Django?

Have you enabled CORS?

We need to enable CORS when the application is split across two servers, for example one for the back end (hosting the API) and another for the front end. Typical cases are back-end code hosted on one development server while the front-end code (JavaScript / HTML / React.js / Angular.js) is hosted on a web server, or, more generally, an API hosted on one server that you want to access from other servers. In these scenarios the front-end server has to make a call to the back-end server.

Modern browsers enforce the Same Origin Policy by default, which means a request coming from another domain is not entertained and an error is reported instead. This is done for security purposes. When you do need to access data or call a function across domains, you as the developer must be aware that you are enabling calls from other domains.

CORS stands for "Cross Origin Resource Sharing". It allows client applications to interface with APIs hosted on different domains/servers by letting web browsers relax the Same Origin Policy, which is enforced by default. When CORS is enabled, a set of headers is added that tells the web browser which domains, apart from the server's own, are allowed to send/receive requests on this server.

Enabling CORS in a Django REST environment is done using the following steps:

Step 1:

The first step is to install the CORS headers package by running the following command:

python -m pip install django-cors-headers

Step 2:

In this step we include the CORS headers package as an installed app. To do this, add it to the installed apps in the project's settings file at the location mysite/






Step 3:

The next step is to add a middleware class that listens to the responses. To do this, make the following entry for the CORS headers in the project's settings file







CorsMiddleware should be given priority over Django's CommonMiddleware so that it can add the CORS headers to the responses. To achieve this, place CorsMiddleware as high as possible in the MIDDLEWARE list.

Step 4:

In this final step, we need to name the hosts/domains that should be allowed access. To do this, either set CORS_ORIGIN_WHITELIST to the allowed host names, or set CORS_ORIGIN_ALLOW_ALL to True to allow all hosts, in the project's settings file at mysite/

If hosts are allowed by setting CORS_ORIGIN_ALLOW_ALL to True, then the whitelist will not be used and all origins will be accepted.






The CORS_ORIGIN_WHITELIST variable takes a list of host/domain names which are authorized to make cross-site HTTP requests on this domain. The default value is [].

These are the two most commonly used methods for setting the hosts that are allowed access. For special requirements, other variables such as CORS_ORIGIN_REGEX_WHITELIST can be used to set the allowed hosts.

Now check that both servers (back end and front end) are running, or restart them. The CORS permission error should be gone now!
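
The settings from Steps 2 to 4 written out together with a small check of them, as an added example that is not from the original post. The origins, the two settings dictionaries and the `audit_cors` helper are assumptions made for illustration (in a real settings file the keys are module-level variables), and the scheme check assumes a django-cors-headers release that expects whitelist entries to include the scheme.

```python
# Added example: the settings from Steps 2-4 plus a small audit of them.
# Origins and the audit_cors helper are constructed for illustration.
from urllib.parse import urlsplit

CORS_MW = "corsheaders.middleware.CorsMiddleware"
COMMON_MW = "django.middleware.common.CommonMiddleware"

# Settings as the steps describe them, using the whitelist approach.
PROJECT_SETTINGS = {
    "INSTALLED_APPS": ["rest_framework", "corsheaders"],   # Step 2
    "MIDDLEWARE": [CORS_MW, COMMON_MW],                    # Step 3
    "CORS_ORIGIN_ALLOW_ALL": False,                        # Step 4
    "CORS_ORIGIN_WHITELIST": [
        "https://frontend.example.com",   # constructed front-end origin
        "http://localhost:3000",          # constructed dev-server origin
    ],
}

# The same project with the mistakes the audit looks for.
WEAK_SETTINGS = {
    "INSTALLED_APPS": ["rest_framework", "corsheaders"],
    "MIDDLEWARE": [COMMON_MW, CORS_MW],                  # wrong order
    "CORS_ORIGIN_ALLOW_ALL": True,                       # whitelist is ignored
    "CORS_ORIGIN_WHITELIST": ["frontend.example.com"],   # no scheme
}

def audit_cors(settings):
    """Return a list of findings for a dict of Django settings values."""
    findings = []
    if "corsheaders" not in settings.get("INSTALLED_APPS", []):
        findings.append("corsheaders is not in INSTALLED_APPS")
    mw = list(settings.get("MIDDLEWARE", []))
    if CORS_MW not in mw:
        findings.append("CorsMiddleware is not in MIDDLEWARE")
    elif COMMON_MW in mw and mw.index(CORS_MW) > mw.index(COMMON_MW):
        findings.append("CorsMiddleware is listed after CommonMiddleware")
    if settings.get("CORS_ORIGIN_ALLOW_ALL", False):
        findings.append("CORS_ORIGIN_ALLOW_ALL is True: every origin is accepted")
    for origin in settings.get("CORS_ORIGIN_WHITELIST", []):
        parts = urlsplit(origin)
        # An origin is scheme://host[:port] with no path.
        if parts.scheme not in ("http", "https") or not parts.netloc or parts.path:
            findings.append("not a scheme://host[:port] origin: " + origin)
    return findings

if __name__ == "__main__":
    for name, cfg in (("project", PROJECT_SETTINGS), ("weak", WEAK_SETTINGS)):
        print(name, audit_cors(cfg) or "no findings")
```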

Mail to us at in case of clarification.
