whatisgithub

What is django-cors-headers?

adamchainz/django-cors-headers — explained in plain English

Analysis updated 2026-06-26

5,586PythonAudience · developerComplexity · 1/5Setup · easy

In one sentence

Django add-on that adds CORS headers to server responses so web browsers allow JavaScript on one domain to make API requests to your Django backend hosted on a different domain.

Mindmap

mindmap
  root((django-cors-headers))
    What it does
      CORS header injection
      Cross-origin requests
    Setup
      Installed apps entry
      Middleware position
    Configuration
      Allowed origins list
      Regex patterns
      URL path filters
    Controls
      HTTP methods
      Cookie support
      Cache duration
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Allow a React or Vue frontend on one domain to make API calls to your Django backend on a different domain

USE CASE 2

Configure fine-grained CORS rules specifying which origins, methods, and headers your API accepts

USE CASE 3

Restrict cross-origin access to specific URL paths on your Django app rather than applying rules site-wide

USE CASE 4

Enable cookies to be sent in cross-site requests for session-based authentication across domains

What is it built with?

PythonDjango

How does it compare?

adamchainz/django-cors-headerssamuelschmidgall/agentlaboratorycoleam00/ottomator-agents
Stars5,5865,5875,584
LanguagePythonPythonPython
Setup difficultyeasymoderatemoderate
Complexity1/53/53/5
Audiencedeveloperresearcherdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

The CORS middleware must appear early in the MIDDLEWARE list or other layers may return responses before CORS headers are attached.

So what is it?

django-cors-headers is a small add-on for Django, a popular Python web framework. Its job is to add the correct HTTP headers to server responses so that web browsers allow JavaScript running on one website to make requests to your Django app hosted on a different domain. This browser restriction is called the Same-Origin Policy, and CORS (Cross-Origin Resource Sharing) is the official mechanism for relaxing it in a controlled way. In practice, you need this whenever your frontend and backend are on different domains. For example, if your React app is at app.example.com and your API is at api.example.com, the browser will block the requests by default. Adding this package and listing the allowed origins in your Django settings file fixes that. Setup involves two steps: adding the package to Django's list of installed apps and inserting a middleware class into the request-handling chain. The middleware needs to appear early in that chain so it can attach the CORS headers before any other layer might return a response first. The main configuration options let you specify which domains are allowed to make cross-site requests. You can provide an explicit list of origins, a list of regular expression patterns for cases where the list would be too long (such as many subdomains), or a single flag to allow all origins. The last option is convenient for local development but the README cautions that it is unsafe for production because it lets any website make requests to your API. The package also exposes finer-grained settings for controlling which HTTP methods and headers are permitted, whether cookies may be included in cross-site requests, how long browsers should cache the permissions response, and which URL paths on your site CORS rules apply to.

Copy-paste prompts

Prompt 1
My React app at app.example.com cannot make API calls to my Django backend at api.example.com. How do I configure django-cors-headers to fix this?
Prompt 2
Walk me through adding django-cors-headers to an existing Django project, including the correct middleware order.
Prompt 3
I want to allow CORS only from specific subdomains using a regex pattern instead of listing each one. How do I configure that?
Prompt 4
How do I restrict CORS headers to specific URL paths in my Django app so only the /api/ routes allow cross-origin requests?
Prompt 5
What is the safest django-cors-headers configuration for production when I have a known set of frontend domains?

Frequently asked questions

What is django-cors-headers?

Django add-on that adds CORS headers to server responses so web browsers allow JavaScript on one domain to make API requests to your Django backend hosted on a different domain.

What language is django-cors-headers written in?

Mainly Python. The stack also includes Python, Django.

How hard is django-cors-headers to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is django-cors-headers for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.