Django's CORS_ALLOWED_ORIGINS and CORS_ALLOW_ALL_ORIGINS not working

I have a very strange problem with Django's corsheaders. I have tried all sorts of permutations and combinations by playing with all the possible settings but of no use.

My current settings look like this:

ALLOWED_HOSTS = ['*']

CORS_ALLOWED_ORIGINS = ['*']
CORS_ALLOW_ALL_ORIGINS = True

This is still causing the following error when the frontend sends an API request:

has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I am not sure what else needs to be added, please let me know if I am missing anything here.

I have already added 'corsheaders' in INSTALLED_APPS and also 'corsheaders.middleware.CorsMiddleware'in the MIDDLEWARE list (on top)

I have tried adding domains one by one in the lists and verified by loading the changes, but still nothing worked. Even though I have now allowed for any origin and any host to send cross-origin requests, it is still throwing the CORS error.

If you use credentials, you aren't allowed to use * (CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true).

Set specific urls.

Back to Top