how i dynamically populate to CORS_ALLOWED_ORIGINS in django rest framework
django-cors-headers has a signal that allows you to decide whether or not to allow the request to pass. The docs show exactly your use case.
Note that CORS_ORIGIN_WHITELIST is also checked by the cors middleware (the signal response doesn't replace the white list), so you can have both: a static whitelist + a dynamic whitelist that depends on the request. You don't need to check the static whitelist in your signal handler.
https://github.com/adamchainz/django-cors-headers