I have a Django application running on my server. In that application I use django-cors-headers to protect my API from other origins except the one I set, by doing this:

    # settings.py
    CORS_ALLOWED_ORIGINS = [
        'http://localhost:3000'
    ]

When I tested it with other origins like http://127.0.0.1:5500 it gave a CORS error, and that's what I want.
BUT when I use VS Code's extension called REST Client to access my API, it worked without any errors.
How can I protect my API from that? I'm new to all these things, so maybe there are things I don't know about. Thank you.

The CORS header doesn't prevent access to your API. It only tells browsers which cross-origin requests they should allow.
The only thing being able to access your API from the VS Code REST Client extension tells you is that it doesn't respect the CORS header (and it shouldn't need to because it isn't a browser).
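
The point made in the answer above, as an added example that is not part of the original post and is not django-cors-headers' own code: a minimal WSGI stand-in for a CORS middleware shows that a disallowed or missing `Origin` still gets the full response, while a server-side credential check rejects the request whatever the origin. The names `api`, `cors`, `require_token`, `call` and the token value are assumptions made for the illustration.

```python
import hmac
from wsgiref.util import setup_testing_defaults

ALLOWED_ORIGINS = {"http://localhost:3000"}  # same value as CORS_ALLOWED_ORIGINS in the question
API_TOKEN = "constructed-demo-token"         # hypothetical secret, constructed for this demo

def api(environ, start_response):
    """The API view: it runs for every request that reaches it."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"secret": "data"}']

def cors(app):
    """Only annotates the response; the browser decides whether page script may read it."""
    def wrapped(environ, start_response):
        def sr(status, headers, exc_info=None):
            origin = environ.get("HTTP_ORIGIN")
            if origin in ALLOWED_ORIGINS:
                headers = headers + [("Access-Control-Allow-Origin", origin)]
            return start_response(status, headers, exc_info)
        return app(environ, sr)
    return wrapped

def require_token(app):
    """Server-side access control: rejects the request before the view runs."""
    def wrapped(environ, start_response):
        sent = environ.get("HTTP_AUTHORIZATION", "")
        if not hmac.compare_digest(sent.encode(), ("Bearer " + API_TOKEN).encode()):
            start_response("401 Unauthorized", [("WWW-Authenticate", "Bearer")])
            return [b""]
        return app(environ, start_response)
    return wrapped

def call(app, origin=None, token=None):
    """Send one constructed GET request; return (status, header dict, body)."""
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    if origin:
        environ["HTTP_ORIGIN"] = origin
    if token:
        environ["HTTP_AUTHORIZATION"] = "Bearer " + token
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    for origin in ("http://localhost:3000", "http://127.0.0.1:5500", None):
        print(origin, call(cors(api), origin=origin)[:2])
    print(call(require_token(cors(api)), origin="http://localhost:3000")[0])
```

The request with no `Origin` header corresponds to a non-browser client such as REST Client; in a Django project the equivalent of `require_token` is an authentication or permission check on the view.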