8👍
The problem is the Authorization code flow should not be used in front end, you need to use implicit flow here
(https://developers.google.com/actions/identity/oauth2-implicit-flow)
instead of authorization code flow(https://developers.google.com/actions/identity/oauth2-code-flow)
I think you also have missed to mention the headers allowed
CORS_ALLOW_HEADERS = (
'accept',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
)
Source:stackexchange.com