Why I need add the `Authorization` in the request header when access the APIs?

189
March 15, 2018, at 5:50 PM

I use the Python/Django write the backend, use Django-Rest-Framework write the APIs, I also used the rest_auth, allauth, see my settings.py:

INSTALLED_APPS = [
    ...
    'corsheaders', 
    'rest_framework',
    'rest_framework.authtoken',
    'rest_framework_docs',  # API docs
    'rest_auth',
    'allauth',
    'allauth.account',

but when the frontend access the APIs, it will must add the Authorization in the Request Header, otherwise can not access success: as a example:

    var that = this
    // login 
    that.$http.post(Urls.users.login(), params).then((response) => {
      that.$Cookies.set('token', response.data.key);
    }).catch((response) => {   //  if the header do not have `Authorization`, there will go to there directly, and pay attention: the response is undefined.

      }
    )
Answer 1

You add 'rest_framework.authtoken' to INSTALLED_APPS and set 

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticatedOrReadOnly',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    )
}

in settings.py. Then DjangoRestFramework will check you identity when you ask server with unsafe method like post\patch\delete.You login method is handle by post method which will ask identity.But you get your token after login.

Two way to handle you problem, one is set:

'DEFAULT_PERMISSION_CLASSES': (
    'rest_framework.permissions.AllowAny',
),

which is not recommend.second way is set permissions for your login method like:

from rest_framework.permissions import AllowAny
@list_route(methods=['POST'], permission_classes=[AllowAny])
def login(self, request):
    pass
LAST QUESTIONS
All questions
Rent Charter Buses Company
POPULAR ONLINE
jQuery Categories

I want to display data from my database into a HTML div

Cordova jQuery AJAX call timing out after 30 seconds regardless of timeout setting

Client-Side Server-Side passing variables and function results

READ ALSO
formData image attribute file issue
JavaScript

formData image attribute file issue

I'm sending an image attribute file by ajax callBut having problems on getting that file in image attribute array in formData

 266
Get selected text position inside div and persist
JavaScript

Get selected text position inside div and persist

I am trying to get the position of the selected text, replace it with some HTML and then I want to persist the position of the selected text, so that the next time I render the html I want to show the highlight on the selected text

 308
How to limit copying from electron app to certain word length?
JavaScript

How to limit copying from electron app to certain word length?

I have an electron app with some data which I want to protect from being copiedI'm aware that there can't be 100% safety but the users will be not be techies, so a simple solution will do it

 223
Implement a function called indexOf that accepts two paramters: a string and a character [on hold]
JavaScript

Implement a function called indexOf that accepts two paramters: a string and a character [on hold]

This is the code I found onlineI am trying to understand this algorithm but I can’t

 184