All API views on stage and dev return 403 Forbidden

denshoproject / ddr-public

Web UI for publishing DDR collections.

Other

1 stars 1 forks source link

All API views on stage and dev return 403 Forbidden #219

Closed gjost closed 3 months ago

gjost commented 8 months ago

All pages in the ddrpublic API return 403 Forbidden when viewed behind the HTTP Basic auth on the stage and dev sites. This makes testing and development harder.

gjost commented 7 months ago

Django REST Framework's default settings send HTTP Basic auth username/passwords to the Django authentication system, which breaks the API when it is behind a password, like in dev/stage.

Solution is to disable rest_framework.authentication.BasicAuthentication. See https://stackoverflow.com/questions/15975106/django-rest-framework-gives-403-when-behind-nginx-but-not-directly

gjost commented 7 months ago

Fixed in commit cc7d429 on branch 220-api-nrid-objects and also in commit a5a5f86 to be merged in branch develop.