Hi Team,

I am learning django and have come across this issue.

Error in browser console :
Access to XMLHttpRequest at 'http://pallab.cds.iisc.ac.in/INTERPIN/Ecoli/ex_hp.bed' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have installed django-cors-headers and updated my code to include following:

1. 'corsheaders' under INSTALLED_APPS,
2. 'corsheaders.middleware.CorsMiddleware', at the top of MIDDLEWARE
3. CORS_ALLOW_ALL_ORIGINS = False
   CORS_ORIGIN_WHITELIST = ['http://localhost:8000']

Could you help me understand, why CORS policy error is appearing even after updating code for django-cors-headers ?
Am I missing out on something in the code ? OR the issue is out of scope of the code itself

The headers need to be added on the server serving http://pallab.cds.iisc.ac.in/INTERPIN/Ecoli/ex_hp.bed, not your Django app which is presumably the thing running on localhost:8000.

Sorry to reopen this issue.

I missed out to mention earlier ...that files with extension (.fasta) from the sever are accessible. However any other files (.bed, .gff) aren't accessible.

So I am bit confused as to why some files are accessible and some are not .. given headers are absent

That may be a separate browser measure called CORB. Check the error console on your browser. Django-cors-headers is almost certainly not the solution.