9👍
Have just had the same problem. In my case the source of the problem was Apache’s Basic Authentication, my browser was sending Authorization header and Django REST Framework thought that this header was to be handled by it. The solution is pretty simple: just remove
'rest_framework.authentication.BasicAuthentication' from your
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": [
# ... auth classes here ...
]
}
Or explicitly set the default DEFAULT_AUTHENTICATION_CLASSES to remove BasicAuth from DRF’s defaults.
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": (
"rest_framework.authentication.SessionAuthentication",
),
}
0👍
You have the default, and then you have per view. You can set the default to IsAuthenticated, and then you override your view’s particular permission_classes. e.g.
class ObtainJSONWebLogin(APIView):
permission_classes = ()
or
class Foo(viewsets.ModelViewSet):
permission_classes = ()
Source:stackexchange.com