You need to explitely add the allowed origins to your settings after activating cors-headers. Add this to settings.py :

CORS_ALLOWED_ORIGINS = ["https://project.mydomain.com"] # This is your frontend's url

It will let your frontend receive the response.