Django ALLOWED_HOSTS vs CORS(django-cors-headers)
What is the difference between ALLOWED_HOSTS and CORS. If I have defined ALLOWED_HOSTS do I need to define also CORS? I am not using django templates.
Also do I have the possibility to define those two dynamically?(I think not)
I am using django as backend, and multiple reactjs frontend apps on different hosts.
Answer
Doc on ALLOWED_HOSTS.
In short, in production environment where you have DEBUG=FALSE, your Django application will not serve in a domain or subdomain that is not specified in ALLOWED_HOSTS. It's a whitelist of trusted domains you can serve your app on.
CORS on the other hand, I'm assuming you are asking because you are also doing Django Rest Framework, stands for Cross-Origin Resource Sharing, basically allows your frontend apps, like the one you mentioned multiple reactjs apps, to interact with your APIs without having to deploy all of them on a same domain. django-cors-header is the recommended package for configuring CORS.