Cross-Origin Resource Sharing (CORS) enables frontend apps on different domains to access your API. I use django-cors-headers for production-ready CORS handling. I configure CORS_ALLOWED_ORIGINS for specific domains in production and use CORS_ALLOW_AL

Template tags extend Django's template language. I create simple tags with @register.simple_tag and inclusion tags with @register.inclusion_tag for rendering template snippets with context. Assignment tags store results in template variables. I place

For list endpoints, the frontend needs predictable pagination metadata, not just an array. I return items plus pageInfo (endCursor, hasNextPage) so building infinite scroll is straightforward and the API stays extensible if you later add totals (which

Moving slow operations to background jobs keeps API response times fast and improves perceived performance. Sidekiq with Redis provides a robust, production-proven job queue that handles millions of jobs per day. I organize workers into separate queue

Toast notifications provide non-intrusive feedback for user actions. I create a toast context that manages a queue of notifications, auto-dismisses them after a timeout, and supports different types (success, error, info). The context exposes methods

HashSet<T> stores unique values with O(1) average-case membership tests. It's backed by a HashMap<T, ()>. I use it for deduplication, membership checks, and set operations (.union(), .intersection()). Common methods: .insert(v) adds, .cont

For apps that ingest emails (support inbox, replies), Action Mailbox is a natural fit. When a message arrives, I create a record and broadcast it into a Turbo Stream feed so the UI updates in realtime. This is essentially “email as an event source”. T

Most handler bugs I debug are really input bugs: oversized bodies, unexpected fields, or clients sending arrays when the API expects an object. A dedicated decode helper makes behavior consistent. This pattern wraps the request body with http.MaxBytes

OAuth flows are a minefield, and PKCE is the safe default for public clients. I generate a verifier, derive a challenge, store the verifier in a short-lived session, and then exchange the authorization code for tokens. The key detail is treating the v

Fixtures and factories both create test data, but suit different needs. Fixtures load YAML files into the database before tests, providing fast, consistent data. I use fixtures for static reference data like countries or categories. Factories (via Fac

A tiny custom validator keeps complex presence rules out of controllers. This example enforces that at least one of two fields is present (e.g., text content or an attachment).

Not every failure should be a 500. If a non-critical dependency fails (e.g., recommendations), rescue narrowly, emit a metric/log, and serve a baseline response.