Getting the request origin in a Django request

Question:

So I’m trying to enable cross origin resource sharing in Django, so I can post to an external site, and it’s easy to do when I set

response["Access-Control-Allow-Origin"]="*" 

but I want to instead have it check whether the origin is in an allowed list of origins (essentially to restrict it to only allow specific sites) but I can’t seem to find anywhere in the Django request where I can get the origin information.

I tried using request.META['HTTP_HOST'] but that just returns the site that’s being posted to. Does anyone know where in the Request object I can get the origin of the request?

Asked By: Jared Joke


Answers:

I strongly advise you to use django-cors-headers. It lets you define CORS_ORIGIN_WHITELIST, which is a list of allowed origins, in a more Pythonic way.

Answered By: mariodev

To answer the question “Does anyone know where in the Request object I can get the origin of the request?”, would the request.META['REMOTE_ADDR'] give you what you need?

Answered By: daigorocub

As for getting the url from request (which is what I was looking for), use request.META['HTTP_REFERER'] instead.

Answered By: ZAD-Man

In Django,

request.headers['Origin']

answers the original question.

You can print(request.headers) to see everything available in the headers.

Answered By: Joel Wigton

You can get it by request.META["HTTP_ORIGIN"]

Answered By: aniket rastogi

In Django 2.2 use:

request.META.get('HTTP_REFERER')

Make sure that the request property doesn’t have mode = no-cors

See:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin

"There are some exceptions to the above rules; for example, if a cross-origin GET or HEAD request is made in no-cors mode, the Origin header will not be added."

Answered By: juan Isaza

Use this:

origin = request.META.get("HTTP_ORIGIN")

This is the way django-cors-headers uses it in the middleware:

Answered By: Omid Raha
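
An added example, not part of the answers above and not django-cors-headers' own code: a Django-style middleware that performs the check the question asks for, reading HTTP_ORIGIN and echoing it back only on an exact allow-list match. ALLOWED_ORIGINS, its sample origins and the class name are assumptions made for illustration.

```python
# Added example: allow-list CORS check written as Django-style middleware.
# ALLOWED_ORIGINS and OriginAllowListMiddleware are hypothetical names;
# the origins below are constructed sample values.
ALLOWED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://admin.example.com",
})


def allowed_origin(origin, allowed=ALLOWED_ORIGINS):
    """Return the origin if it is an exact allow-list member, else None.

    Exact comparison on scheme://host[:port]; no substring, suffix or
    regex matching, so "https://app.example.com.other.test" is rejected.
    The literal "null" origin (sandboxed iframes, file://) is never allowed.
    """
    if not origin or origin == "null":
        return None
    return origin if origin in allowed else None


class OriginAllowListMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        # Django exposes the Origin header as META["HTTP_ORIGIN"]
        # (request.headers["Origin"] also works on Django 2.2+).
        origin = allowed_origin(request.META.get("HTTP_ORIGIN"))
        # Response headers differ per Origin, so shared caches must key on it.
        vary = [v.strip() for v in (response.get("Vary") or "").split(",") if v.strip()]
        if "origin" not in (v.lower() for v in vary):
            vary.append("Origin")
        response["Vary"] = ", ".join(vary)
        if origin is not None:
            # Echo the single matching origin, never "*" and never a list.
            response["Access-Control-Allow-Origin"] = origin
        return response
```

This covers simple requests only; preflight OPTIONS handling, which django-cors-headers also implements, is left out. The Origin header is set by the browser and can be forged by any non-browser client, so this restricts which sites' scripts can read the response, not who can send the request.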