In the post Django REST Framework: API in a few minutes in Python, I showed you how to build your very first API in Python.
But there is one minor problem, if you test your API with another application, like an Angular or React frontend, you are going to face CORS problems.
To solve this you can install the django-cors-headers in your app using pip.
pip install django-cors-headersAfter installing the django-cors-headers in your project, you have to configure it in the settings.py file, including the corsheaders in the INSTALLED_APPS.
INSTALLED_APPS = [
...
'corsheaders',
...
]The end result will look like this.
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'corsheaders',
]After that, still in settings.py, add the corsheaders.middleware.CorsMiddleware in MIDDLEWARE before any middleware that can generate responses like CommonMiddleware.
MIDDLEWARE = [
...
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
...
]The end result will look like this.
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
]Finally, you have to add a new block in the settings.py file that contains the list of allowed origins, that is, those who can consume the API.
In the example below I am including http://localhost:4200 which is Angular’s default localhost.
CORS_ORIGIN_WHITELIST = [
"http://localhost:4200",
]