Configuring CORS and protecting against CSRF attacks
Nowadays, a lot of software is designed to be used in a browser through an interface built with HTML, CSS, and JavaScript. Traditionally, web servers were responsible for handling browser requests and returning an HTML response, ready to be shown. This is a common use case for frameworks such as Django.
For a few years now, there has been a shift in that pattern. With the emergence of JavaScript frameworks, such as Angular, React, and Vue, we tend to have a clear separation between the frontend, a highly interactive user interface powered by JavaScript, and the backend. Thus, those backends are now only responsible for storing and retrieving data and executing business logic. This is a task that REST APIs are very good at! From the JavaScript code, the user interface can then just send requests to your API and handle the result to present it.
However, we must still handle authentication: we want our user to be able to log in...