Django by default does not provide the headers necessary to support cross-origin requests. The easiest way would be to just use this Django app that handles it for you: https://github.com/adamchainz/django-cors-headers
- Add to installed apps
- Add to middleware
- Then stuff like…

```python
CORS_ALLOWED_ORIGINS = [
    "http://read.only.com",
    "http://change.allowed.com",
]
```

To support allowing all, just use the setting…

```python
CORS_ALLOW_ALL_ORIGINS = True
```

and then do any filtering of the request in middleware or in the view.
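One way to do that filtering in middleware, as an added example that is not part of the original answer or of django-cors-headers. The read/write split between the two origins, `ORIGIN_POLICY`, `is_allowed` and `OriginFilterMiddleware` are assumptions made for illustration. The `Origin` header is only trustworthy from browsers, so this check sits alongside authentication and does not replace it.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

# Assumed policy: which origin may read and which may also change data.
ORIGIN_POLICY = {
    "http://read.only.com": "read",
    "http://change.allowed.com": "write",
}


def normalize_origin(origin):
    """Return scheme://host[:port] in lowercase, or None if malformed."""
    if not origin or origin == "null":
        return None
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if parts.path or parts.query or parts.fragment:
        return None  # an Origin value never carries a path
    return f"{parts.scheme}://{parts.netloc}".lower()


def is_allowed(method, origin_header):
    """Decide whether a request with this method and Origin may proceed."""
    if origin_header is None:
        # No Origin header: not a cross-origin browser request.
        # Assumption: normal authentication decides those.
        return True
    level = ORIGIN_POLICY.get(normalize_origin(origin_header))
    if level is None:
        return False  # unknown or malformed origin
    return level == "write" or method.upper() in SAFE_METHODS


class OriginFilterMiddleware:
    """List after corsheaders.middleware.CorsMiddleware in MIDDLEWARE."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if not is_allowed(request.method, request.headers.get("Origin")):
            # Imported here so the policy functions can be tested without Django.
            from django.http import HttpResponseForbidden
            return HttpResponseForbidden("Origin not permitted for this method")
        return self.get_response(request)
```

If the site's own pages also call these views, add the site's own origin to `ORIGIN_POLICY`, because browsers send `Origin` on same-origin POST requests too.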