Why I need add the `Authorization` in the request header when access the APIs?

189
March 15, 2018, at 5:50 PM

I use the Python/Django write the backend, use Django-Rest-Framework write the APIs, I also used the rest_auth, allauth, see my settings.py:

INSTALLED_APPS = [
    ...
    'corsheaders', 
    'rest_framework',
    'rest_framework.authtoken',
    'rest_framework_docs',  # API docs
    'rest_auth',
    'allauth',
    'allauth.account',

but when the frontend access the APIs, it will must add the Authorization in the Request Header, otherwise can not access success: as a example:

    var that = this
    // login 
    that.$http.post(Urls.users.login(), params).then((response) => {
      that.$Cookies.set('token', response.data.key);
    }).catch((response) => {   //  if the header do not have `Authorization`, there will go to there directly, and pay attention: the response is undefined.

      }
    )
Answer 1

You add 'rest_framework.authtoken' to INSTALLED_APPS and set

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticatedOrReadOnly',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    )
}

in settings.py. Then DjangoRestFramework will check you identity when you ask server with unsafe method like post\patch\delete.You login method is handle by post method which will ask identity.But you get your token after login.

Two way to handle you problem, one is set:

'DEFAULT_PERMISSION_CLASSES': (
    'rest_framework.permissions.AllowAny',
),

which is not recommend.second way is set permissions for your login method like:

from rest_framework.permissions import AllowAny
@list_route(methods=['POST'], permission_classes=[AllowAny])
def login(self, request):
    pass
Rent Charter Buses Company
READ ALSO
formData image attribute file issue

formData image attribute file issue

I'm sending an image attribute file by ajax callBut having problems on getting that file in image attribute array in formData

266
Get selected text position inside div and persist

Get selected text position inside div and persist

I am trying to get the position of the selected text, replace it with some HTML and then I want to persist the position of the selected text, so that the next time I render the html I want to show the highlight on the selected text

308
How to limit copying from electron app to certain word length?

How to limit copying from electron app to certain word length?

I have an electron app with some data which I want to protect from being copiedI'm aware that there can't be 100% safety but the users will be not be techies, so a simple solution will do it

223
Implement a function called indexOf that accepts two paramters: a string and a character [on hold]

Implement a function called indexOf that accepts two paramters: a string and a character [on hold]

This is the code I found onlineI am trying to understand this algorithm but I can’t

184