Launched my app today and got a 403 Forbidden error on all my methods that fetch data from the DB. After some trial and error I realized that removing "credentials: include" prevents this, or going into the model view and setting "authentication_classes = ()" also prevents this.
I'm curious as to why this occurred out of the blue and not yesterday whilst I was developing, and what the correct method is: should "credentials: include" be set, and if so, is it fine setting "authentication_classes = ()" or would it raise security issues?
Here is an example of one of my methods and its model view:
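-- METHOD
```js
// SERVER_URL, checkHttpStatus, parseJSON and metricsDataReceived are defined elsewhere in the project.
export function fetchMetrics() {
    return (dispatch, state) => {
        return fetch(`${SERVER_URL}/api/v1/strategy/fetchMetrics/`, {
            // credentials: 'include',
            method: 'post',
            headers: {
                'Accept': 'application/json',
                'Content-Type': 'application/json',
                'X-Requested-With': 'XMLHttpRequest'
            }
        })
            .then(checkHttpStatus)
            .then(parseJSON)
            .then((response) => {
                dispatch(metricsDataReceived(response));
            })
            .catch((error) => {
                return Promise.resolve(); // TODO: we need a promise here because of the tests, find a better way
            });
    };
}
```
-- MODEL VIEW
```python
from rest_framework import status
from rest_framework.generics import GenericAPIView
from rest_framework.response import Response

# Metrics and MetricsSerializer come from the project's own models and serializers modules.


class FetchMetrics(GenericAPIView):
    # Empty tuple: no authentication class runs for this view.
    authentication_classes = ()

    def post(self, request):
        """Process GET request and return protected data."""
        queryset = Metrics.objects.all()
        serializer = MetricsSerializer(queryset, many=True)
        data = serializer.data
        return Response(data, status=status.HTTP_200_OK)
```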