Django javascript: Custom request header throwing CORS error and redirecting to OPTIONS

I am trying to create an API library in Django. This API will be called by javascript. Django-API and javascript is running in two different servers.

The django API library is expecting a custom request header from javascript front end. I am parsing this header from django request object.

Everything is fine when I am trying in postman. But when I am trying this from browser, browser rejects my custom request header. and it automatically calls OPTIONS method.

Previously some cors issue was happening.
And I solved it by adding:


response["Access-Control-Allow-Origin"] = "*"
response["Access-Control-Allow-Headers"] = "*"


Also already implemented:

- django-cors-headers module installed
- corsheaders.middleware.CorsMiddleware middleware installed
- set ALLOWED_HOSTS = ['*']  & CORS_ORIGIN_ALLOW_ALL = True

The current issue actually due to the custom header added in the request. Can anyone help please? I am in a do or fire situation.

I tried various response headers from django. Is it related to back end or front end ? how to solve this?

Your custom request header needs to be added to CORS_ALLOW_HEADERS.

from corsheaders.defaults import default_headers

CORS_ALLOW_HEADERS = list(default_headers) + [
    "my-custom-header",
]

Please check also the other settings described here: https://pypi.org/project/django-cors-headers/ e.g. CORS_ALLOWED_ORIGINS

Back to Top