From what I can understand I see CORS middleware will apply to any route.

However, I believe in practice different CORS settings may be required.

Only the API part requires CORS, however,/admin/ should not accept CORS access?

I am just starting with this app and not sure if I have misunderstood anything.

Thanks for any thoughts

You can use the CORS_URL_REGEX setting: https://github.com/ottoyiu/django-cors-headers#cors_urls_regex . You'll need to write a regex to match the URL's to apply to, as per Python's re module.

HTH,

Adam

Thanks, will give a shot