
Django ALLOWED_HOSTS vs CORS (django-cors-headers)


What is the difference between ALLOWED_HOSTS and CORS? If I have defined ALLOWED_HOSTS, do I also need to define CORS? I am not using Django templates. Also, do I have the possibility to define those two dynamically? (I think not)
I am using Django as the backend, and multiple ReactJS frontend apps on different hosts.


Solution

  • Doc on ALLOWED_HOSTS. In short, in a production environment where you have DEBUG=False, your Django application will not serve on a domain or subdomain that is not specified in ALLOWED_HOSTS. It's a whitelist of trusted domains you can serve your backend app on. In other words, these are the domains your backend app can be accessed from.

    CORS, on the other hand, stands for Cross-Origin Resource Sharing. I'm assuming you are asking because you are also doing Django REST Framework. CORS has nothing to do with which domain you serve your backend app on. Instead, it basically allows your frontend apps, like the multiple ReactJS apps you mentioned, to interact with your APIs without having to deploy all of them on the same domain. django-cors-headers is the recommended package for configuring CORS.
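
The two checks read different request headers, which the following added example shows side by side. It is not code from the answer, from Django or from django-cors-headers: `host_allowed`, `cors_origin_allowed` and `evaluate` are hypothetical, simplified models of the behaviour, and every hostname is constructed. The setting names `ALLOWED_HOSTS`, `CORS_ALLOWED_ORIGINS` and `CORS_ALLOWED_ORIGIN_REGEXES` are the real ones; the regex setting is how a family of front-end hosts can be covered by a pattern.

```python
import re

# Constructed deployment: one API host, React front ends served from other hosts.
ALLOWED_HOSTS = ["api.example.com"]                  # Django setting
CORS_ALLOWED_ORIGINS = ["https://app1.example.com"]  # django-cors-headers setting
CORS_ALLOWED_ORIGIN_REGEXES = [r"^https://[a-z0-9-]+\.apps\.example\.com$"]


def host_allowed(host_header, allowed_hosts=ALLOWED_HOSTS):
    """Model of the ALLOWED_HOSTS check: is the Host header a name we serve?"""
    host = host_header.lower().split(":")[0]  # drop the port (IPv6 literals not modelled)
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*" or host == pattern:
            return True
        # A leading dot matches the domain itself and any subdomain.
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False


def cors_origin_allowed(origin, origins=CORS_ALLOWED_ORIGINS,
                        regexes=CORS_ALLOWED_ORIGIN_REGEXES):
    """Model of the CORS check: may a page loaded from this Origin read the response?"""
    if origin is None:  # no Origin header: same-origin or non-browser client
        return False
    return origin in origins or any(re.match(r, origin) for r in regexes)


def evaluate(host_header, origin):
    """Return (HTTP status, Access-Control-Allow-Origin value or None)."""
    if not host_allowed(host_header):
        return 400, None  # with DEBUG=False Django answers 400 before any view runs
    # Without the header, the browser keeps the response from the calling script.
    return 200, origin if cors_origin_allowed(origin) else None


if __name__ == "__main__":
    for host, origin in [
        ("api.example.com", "https://app1.example.com"),        # listed origin
        ("api.example.com", "https://team-a.apps.example.com"),  # matches the regex
        ("api.example.com", "https://app2.example.com"),        # origin not listed
        ("evil.example", "https://app1.example.com"),           # Host not served
    ]:
        print(host, origin, evaluate(host, origin))
```

Listing a front end's hostname in `ALLOWED_HOSTS` does not grant it cross-origin access, and listing an origin for CORS does not make Django accept a new Host header. The origin that is not listed still gets a 200 in this model because CORS is enforced by the browser, so it does not replace authentication or authorization on the API.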