0

I've just changed to a new domain for my remote server, which was already serving JSON via Django Rest Framework (2.4.x).

Prior to the change, it smoothly authenticated users. However, after the switch, it's now throwing the error mentioned in the title.

Feels like a CSRF thing, but I don't know what to fix, or where to sleuth.

Pointers?

Edit:

Traceback:

Traceback (most recent call last):
  File ".../project_path/project_name/urls.py", line 584, in list
    related_field = self.request.user.relatedfield
AttributeError: 'AnonymousUser' object has no attribute 'relatedfield'

DRF Settings:

REST_FRAMEWORK = {
    'DEFAULT_RENDERER_CLASSES': (
        'rest_framework.renderers.JSONRenderer',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
    'DEFAULT_FILTER_BACKENDS': (
        'rest_framework.filters.DjangoFilterBackend',
    ),
    'PAGINATE_BY': 10,                 # Default to 10
    'PAGINATE_BY_PARAM': 'page_size',  # Allow client to override, using `?page_size=xxx`.
    'MAX_PAGINATE_BY': 999             # Maximum limit allowed when using `?page_size=xxx`.
}
  • Please post the error traceback and DRF settings. Commented Sep 16, 2015 at 5:07
  • Just did that, please have a look! Commented Sep 16, 2015 at 5:18
  • Also, regular authentication (logging in, creating an account, etc.) works on the web page itself. It seems like this exception is only occurring in this particular DRF URL. Commented Sep 16, 2015 at 5:24
  • Has the user authenticated when he comes to this URL? Also, please post your serializer and views where the above code is present. Commented Sep 16, 2015 at 5:59

2 Answers

1

I think that since you are making requests from a different domain, the authentication is not able to work correctly.

Since you are using SessionAuthentication, it enforces the use of a CSRF token, and the whole purpose of the CSRF check is to avoid cross-site request forgeries.


1 Comment

It seems to have worked itself out after I updated the page forwarding rules on the old domain to (only) forward to the new domain. Before, it was also forwarding to https://, among other things. I have upvoted your answer and previous comments but I guess this can't count as an accepted answer. Thank you for your effort and help, I appreciate it!
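
A header-level triage for the settings in the question, as an added example that is not part of the original thread: it reports which of the three configured authenticators receive credentials at all, since a request carrying none reaches the view as AnonymousUser. The cookie names and the `JWT` prefix are the Django and rest_framework_jwt defaults (an assumption about this project), and the function name, hostnames and sample headers are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Assumed defaults: Django's SESSION_COOKIE_NAME / CSRF_COOKIE_NAME and
# rest_framework_jwt's JWT_AUTH_HEADER_PREFIX. Adjust if the project overrides them.
SESSION_COOKIE, CSRF_COOKIE, JWT_PREFIX = "sessionid", "csrftoken", "jwt"


def triage(headers):
    """Return (authenticators_with_credentials, warnings) for one request's headers.

    Presence only: a stale session cookie or an expired token still counts here.
    """
    h = {k.lower(): v for k, v in headers.items()}
    cookies = SimpleCookie(h.get("cookie", ""))
    scheme = h.get("authorization", "").split(" ", 1)[0].lower()

    attempted, warnings = [], []
    if SESSION_COOKIE in cookies:
        attempted.append("SessionAuthentication")
        # DRF applies the CSRF check only to session-authenticated requests.
        if CSRF_COOKIE not in cookies or "x-csrftoken" not in h:
            warnings.append("no CSRF cookie or X-CSRFToken header; unsafe methods may be rejected")
    if scheme == "basic":
        attempted.append("BasicAuthentication")
    if scheme == JWT_PREFIX:
        attempted.append("JSONWebTokenAuthentication")

    origin_host = urlsplit(h.get("origin", "")).netloc
    if origin_host and origin_host != h.get("host", ""):
        warnings.append(f"cross-origin call: {origin_host} -> {h.get('host', '')}")
    if not attempted:
        warnings.append("no credentials sent: request.user will be AnonymousUser")
    return attempted, warnings


# Constructed sample: a page still served from the old domain calls the API on the
# new one; cookies set for old.example are not sent to api.new.example.
AFTER_MOVE = {"Host": "api.new.example", "Origin": "https://old.example",
              "Accept": "application/json"}
# Constructed sample: same-site call with session and CSRF credentials attached.
SAME_SITE = {"Host": "api.new.example", "Origin": "https://api.new.example",
             "Cookie": "sessionid=abc123; csrftoken=tok", "X-CSRFToken": "tok"}

if __name__ == "__main__":
    for name, sample in (("after move", AFTER_MOVE), ("same site", SAME_SITE)):
        print(name, *triage(sample), sep="\n  ")
```

Feed it the request headers copied from the browser's network tab or a server-side request log for the failing URL.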
1

This library helps with cross-site domain requests: django-cors-headers. The cors-headers app will add Cross-Origin Resource Sharing headers to responses. Read about the CORS mechanism.

CORS_ALLOW_HEADERS: specifies which non-standard HTTP headers can be used when making the actual request.

settings.py

INSTALLED_APPS = (
    ...
    'corsheaders',
    ...
)
MIDDLEWARE_CLASSES = (
    ...
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
)
CORS_ALLOW_HEADERS = (
    'x-requested-with',
    'content-type',
    'accept',
    'origin',
    'authorization',
    'x-csrftoken',
)

1 Comment

Already am using CORS in the project. Thank you for the suggestion.
