Django CORS Headers not Working as Suggested in Docs

Question

The DOCS for Django Cors Headers, https://pypi.org/project/django-cors-headers/ , clearly states that CORS_ALLOWED_ORIGINS:

Previously this setting was called CORS_ORIGIN_WHITELIST, which still works as an alias, with the new name taking precedence.

From the code if I use CORS_ORIGIN_WHITELIST my requests go through, but if I use CORS_ALLOWED_ORIGINS, while commenting out CORS_ORIGIN_WHITELIST, my requests are blocked. In my options request I am not getting any response and the subsequent POST request is blocked.

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',

    #APPS
    ....

    #ADDL FRAMEWORKS
    'corsheaders',
    'rest_framework',
    'oauth2_provider',
    'django_extensions',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

CORS_ORIGIN_WHITELIST = [
    'http://127.0.0.1:3000',
    'http://localhost:3000'
]

# CORS_ALLOWED_ORIGINS = [
#     'http://127.0.0.1:3000',
#     'http://localhost:3000',
# ]

CORS_ALLOW_METHODS = [
    'DELETE',
    'GET',
    'OPTIONS',
    'PATCH',
    'POST',
    'PUT',
]

CORS_ALLOW_HEADERS = [
    'accept',
    'accept-encoding',
    'authorization',
    'content-type',
    'dnt',
    'origin',
    'user-agent',
    'x-csrftoken',
    'x-requested-with',
]

Answer 1

It is a VERSION mistake. The CORS_ORIGIN_WHITELIST was changed to CORS_ALLOWED_ORIGIN in version 3.5.0, while it would seem that i am running an older version.