Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Django ALLOWED_HOSTS vs CORS(django-cors-headers)

What is the difference between ALLOWED_HOSTS and CORS. If I have defined ALLOWED_HOSTS do I need to define also CORS? I am not using django templates. Also do I have the possibility to define those two dynamically?(I think not)
I am using django as backend, and multiple reactjs frontend apps on different hosts.

like image 865
jalanga Avatar asked Nov 10 '17 17:11

jalanga


People also ask

What is Django-cors-headers?

django-cors-headers is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS).

How do I check my cors Django?

For enable CORS open medium/settings.py file and type the following lines of code: We will use test-cors.org for testing CORS request again. Enter your api url in “Remote URL” and submit request.


1 Answers

Doc on ALLOWED_HOSTS. In short, in production environment where you have DEBUG=FALSE, your Django application will not serve in a domain or subdomain that is not specified in ALLOWED_HOSTS. It's a whitelist of trusted domains you can serve your app on.

CORS on the other hand, I'm assuming you are asking because you are also doing Django Rest Framework, stands for Cross-Origin Resource Sharing, basically allows your frontend apps, like the one you mentioned multiple reactjs apps, to interact with your APIs without having to deploy all of them on a same domain. django-cors-header is the recommended package for configuring CORS.

like image 196
PatDuJour Avatar answered Sep 22 '22 08:09

PatDuJour