adamchainz / django-cors-headers

Django app for handling the server headers required for Cross-Origin Resource Sharing (CORS)

Cannot POST files using `CORS_ALLOW_CREDENTIALS = True` and `CORS_ORIGIN_ALLOW_ALL = True`

Myzel394 opened this issue · comments

  1. Added django-cors-headers and followed docs
  2. GETting, POSTing and PUTting works fine
  3. POSTing files does not work!

Here are my settings:

```python
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
ALLOWED_HOSTS = ["*"]
```

When I now try to upload files (Content-Type = multipart/form-data), I get the following error:

Firefox:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:3000/api/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Chrome:

Access to XMLHttpRequest at 'http://127.0.0.1:8000/api/' from origin 'http://127.0.0.1:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I checked it and indeed, the 'Access-Control-Allow-Origin' header is missing. I configured everything according to docs, so I think this must be an issue. Please let me know if you know a solution to this.

Closing due to age. There's not enough information here to determine the bug, but it's probably a CSRF issue. The blocked response should be read in network tools to check.
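One way to act on the suggestion to read the blocked response, as an added example that is not from this thread or the django-cors-headers project: copy the status and headers of the failed upload from the network tools and run them through the same checks a browser applies. The function name `cors_verdict` and the sample responses are constructed for illustration.

```python
# Added example: classify a captured cross-origin response the way a
# browser's CORS check would. Names and sample data are hypothetical.

ORIGIN = "http://127.0.0.1:3000"  # frontend origin from the Chrome error above


def cors_verdict(origin, status, headers, with_credentials=True):
    """Return (allowed, reason) for the response to a cross-origin request."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao is None:
        reason = "Access-Control-Allow-Origin missing"
        if status >= 400:
            # The browser hides the body from scripts, but network tools
            # still show it; an error page here explains the real failure.
            reason += f"; server answered {status}, read the response body"
        return False, reason
    if acao == "*":
        if with_credentials:
            return False, "wildcard origin is rejected for credentialed requests"
        return True, "wildcard origin accepted"
    if acao != origin:
        return False, f"allowed origin {acao!r} does not match {origin!r}"
    if with_credentials and h.get("access-control-allow-credentials") != "true":
        return False, "Access-Control-Allow-Credentials is not 'true'"
    return True, "response passes the CORS check"


# Constructed responses, as they might be copied from the network tab.
SAMPLES = {
    "error page without CORS headers": (403, {"Content-Type": "text/html"}),
    "wildcard with credentials": (201, {"Access-Control-Allow-Origin": "*"}),
    "origin echoed, credentials allowed": (201, {
        "Access-Control-Allow-Origin": ORIGIN,
        "Access-Control-Allow-Credentials": "true",
    }),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        allowed, reason = cors_verdict(ORIGIN, status, headers)
        print(f"{name}: {'OK' if allowed else 'BLOCKED'} ({reason})")
```

A 4xx or 5xx status next to the missing header means the browser's CORS message is a symptom, and the server's own error in the response body is the thing to fix.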

@Myzel394 did you ever solve this? I am having this issue as well

@JMIdeaMaker I found a workaround for my case. I started Chrome without security features. This way everything suddenly worked without any CORS pain.

But keep in mind that if you are using multiple domains, you still have to find a solution for this. This here will only work in development and in production when your frontend and backend are on the same domain.

EDIT
Here's the command:
```
google-chrome --user-data-dir="chrome_dev_session" --disable-web-security
```

Never EVER use Chrome with --disable-web-security, or advise others to do so.

I'm also having this issue