[Django]-How to prevent Django Rest Framework from validating the token if 'AllowAny' permission class is used?

5👍

You seem to be mixing up authentication and authorization.

By using the @permission_classes decorator on your view, you have overridden the default authorization from settings. But you still have the default authentication classes from settings.

Try adding also to your view another decorator, to bypass the TokenAuthentication:

@authentication_classes([])

Note that if you put this on a POST endpoint, your app is now vulnerable to nasty stuff like Cross-Site Request Forgery.

👤wim

0👍

I think the answer to this question applies here as well.

If you don’t want to check tokens for one view, you can add @authentication_classes([]) to the view. That should keep the default in place for other views while treating this one differently.

Leave a comment