CORS headers not being added in django

Preface, I am aware of django-cors-headers not work

I am getting the following error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ... (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 301.

Here are the important parts of my settings.py.

INSTALLED_APPS = [
  ...
  corsheaders
  ...
  ]

corsheaders is the last entry in INSTALLED_APPS

MIDDLEWARE is:

 MIDDLEWARE = [
     'corsheaders.middleware.CorsMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     "allauth.account.middleware.AccountMiddleware",
 ]

So CorsMiddleware is at the top.

And for CORS settings:

CORS_ALLOW_CREDENTIALS = False
CORS_ALLOW_ALL_ORIGINS = True

And ALLOWED_HOSTS is:

 ALLOWED_HOSTS = ['*'] 

Online, this seems to be all that's needed to get CORS headers, but I am not getting them in the response.

How do I fix this?

Back to Top