I know this seems like a duplicate but this actually was intended to be a comment under an answer but I cannot comment with my current reputation score.
I'm new when it comes to Django and REST-APIs. I am developing an open API that is publicly accessible.
While researching the CORS_ORIGIN_WHITELIST and ALLOWED_HOSTS settings in Django, I stumbled on this answer. The author suggests setting CORS_ORIGIN_ALLOW_ALL to True and says that if you do that, you also want to set a wildcard for the ALLOWED_HOSTS setting.
I understand that for an open API, I want to set CORS_ORIGIN_ALLOW_ALL to True but I don't understand why I would want to set a wildcard for ALLOWED_HOSTS. From my understanding, you want to set only the hostname of the server(s) the API is running on, correct?
I read the Django documentation and some other sources but I feel like I don't understand this enough yet.
Could you elaborate @tim-mccurrach? I unfortunately cannot comment under your answer in the original question because I don't have the 50 point reputation score yet.
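The two settings in the question act on different request headers, which the following added example models in plain Python (it is not part of the original post and is not Django's or django-cors-headers' own code). The host names, origins and helper functions are constructed for illustration, and the CORS part assumes credentials are not allowed, so an allow-all policy answers with `*`.

```python
# Simplified model of two independent checks:
#   ALLOWED_HOSTS      -> validates the Host header (which server name was addressed)
#   CORS_ORIGIN_* keys -> decide which browser origins may read the response (Origin header)

def host_allowed(host, allowed_hosts):
    """ALLOWED_HOSTS matching as documented by Django: exact name,
    leading-dot subdomain pattern, or '*' for any host."""
    host = host.lower().split(":")[0]  # drop the port (IPv6 literals not handled here)
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*" or pattern == host:
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False

def cors_allow_origin(origin, allow_all, whitelist):
    """Return the Access-Control-Allow-Origin value, or None when no header is sent."""
    if origin is None:
        return None            # request carried no Origin header
    if allow_all:
        return "*"             # any site's JavaScript may read the response
    return origin if origin in whitelist else None

def handle(headers, allowed_hosts, allow_all=False, whitelist=()):
    """Return (status, Access-Control-Allow-Origin) for one request."""
    if not host_allowed(headers.get("Host", ""), allowed_hosts):
        return 400, None       # Django answers a disallowed Host with 400 Bad Request
    return 200, cors_allow_origin(headers.get("Origin"), allow_all, whitelist)

# Constructed settings: an open API served only under api.example.com
ALLOWED_HOSTS = ["api.example.com"]
CORS_ORIGIN_ALLOW_ALL = True

# Constructed requests
cross_site = {"Host": "api.example.com", "Origin": "https://frontend.example.org"}
wrong_host = {"Host": "unexpected.example.net", "Origin": "https://frontend.example.org"}

if __name__ == "__main__":
    print(handle(cross_site, ALLOWED_HOSTS, CORS_ORIGIN_ALLOW_ALL))  # open CORS, strict host
    print(handle(wrong_host, ALLOWED_HOSTS, CORS_ORIGIN_ALLOW_ALL))  # rejected before CORS applies
```

In this model a request from any origin is served as long as it addresses `api.example.com`, while a request with an unexpected Host header is rejected regardless of the CORS setting.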