Django-jwt use cookie instead of Authorization header

[Suraj Thapa FC]

Django-jwt use cookie instead of Authorization header

I want to build the SPA application using Django Rest Framework as a back-end. The application will use JsonWebToken authentication.

For maximum security, I want to store the authentication token inside of httpOnly cookie, so it will not be accessible from javascript. However, because the cookie is not accessible from the javascript, I am not able to set the 'Authorization: JWT ...' header.

So, my question is, can I make the DRF system to read the authentication token from the cookie instead of reading it from the "Authorization" header? Or the "Authorization" header is the only and correct way to authenticate in DRF?