Open realgyomei opened 10 months ago
I think you need to take a look at precisely what is being returned; there will be more information there.
Could not find any error message associated with it other than the status (forbidden). How do you propose I check what was returned?
I console.logged the response and found this line: responseJSON: detail: "CSRF Failed: CSRF token missing or incorrect."
These are my middleware settings:

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'oscarapi.middleware.HeaderSessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
    'oscarapi.middleware.ApiBasketMiddleWare',
]
The 'oscarapi.middleware.HeaderSessionMiddleware' expects you to send a 'Session-Id' header in the request to manage the session. Its format is given in the documentation of the middleware: https://django-oscar-api.readthedocs.io/en/stable/topics/middleware.html#header-session-middleware
The add to basket API works just fine with an anonymous user, but immediately the user is logged in, it starts returning 403 forbidden. I have 'oscarapi.middleware.ApiBasketMiddleWare', 'oscarapi.middleware.HeaderSessionMiddleware' in my middleware.
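The "CSRF token missing or incorrect" response found in this thread means the POST reached Django without a valid token. The sketch below is an added example, not code from any poster or from django-oscar-api: it builds request headers that carry the token for same-origin unsafe requests, assuming Django's default cookie name `csrftoken` and header `X-CSRFToken`; the helper names, the endpoint path and the sample values are constructed.

```javascript
// Added example; buildHeaders, getCookie and isSameOrigin are hypothetical helper names.
const UNSAFE = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    // Exact name match, so "xcsrftoken" is not mistaken for "csrftoken".
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// True when targetUrl resolves to the same origin as the page.
function isSameOrigin(targetUrl, pageOrigin) {
  return new URL(targetUrl, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Build headers for an API call. The token is attached only to methods that
// Django checks, and never to another origin, where it would be disclosed.
function buildHeaders(method, targetUrl, pageOrigin, cookieString) {
  const headers = { "Content-Type": "application/json" };
  if (UNSAFE.has(method.toUpperCase()) && isSameOrigin(targetUrl, pageOrigin)) {
    const token = getCookie(cookieString, "csrftoken");
    if (!token) throw new Error("csrftoken cookie not set; load a page that sets it first");
    headers["X-CSRFToken"] = token;
  }
  return headers;
}

// Browser usage (endpoint path and payload are assumptions):
// fetch("/api/basket/add-product/", { method: "POST", credentials: "same-origin",
//   headers: buildHeaders("POST", "/api/basket/add-product/", location.origin, document.cookie),
//   body: JSON.stringify(payload) });
```

If `CSRF_COOKIE_HTTPONLY` or `CSRF_USE_SESSIONS` is enabled in the Django settings, the token is not readable from `document.cookie` and has to be taken from the rendered page instead.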