Django CORS Access-Control-Allow-Origin missing
The problem is the Authorization code flow should not be used in front end, you need to use implicit flow here(https://developers.google.com/actions/identity/oauth2-implicit-flow)instead of authorization code flow(https://developers.google.com/actions/identity/oauth2-code-flow)
I think you also have missed to mention the headers allowed
CORS_ALLOW_HEADERS = ( 'accept', 'accept-encoding', 'authorization', 'content-type', 'dnt', 'origin', 'user-agent', 'x-csrftoken', 'x-requested-with',)