django-oscar / django-oscar-api

RESTful JSON API for django-oscar

Add to basket api returns 403 forbidden when user is logged in #320

Open realgyomei opened 10 months ago

realgyomei commented 10 months ago

The add to basket API works just fine with an anonymous user, but as soon as the user is logged in it starts returning 403 Forbidden. I have `'oscarapi.middleware.ApiBasketMiddleWare'` and `'oscarapi.middleware.HeaderSessionMiddleware'` in my middleware.

specialunderwear commented 10 months ago

I think you need to take a look at precisely what is being returned, there will be more information there.

realgyomei commented 10 months ago

I could not find any error message associated with it other than the status (Forbidden). How do you propose I check what was returned?

realgyomei commented 10 months ago

I `console.log`ged the response and found this line: `responseJSON: detail: "CSRF Failed: CSRF token missing or incorrect."`

realgyomei commented 10 months ago

These are my middleware settings:

```python
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'oscarapi.middleware.HeaderSessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
    'oscarapi.middleware.ApiBasketMiddleWare',
]
```

r-naeem-afzal commented 2 months ago

`oscarapi.middleware.HeaderSessionMiddleware` expects you to send a `Session-Id` header in the request to manage the session. The format of that header is given in the middleware documentation: https://django-oscar-api.readthedocs.io/en/stable/topics/middleware.html#header-session-middleware
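The response body in the thread (`CSRF Failed: CSRF token missing or incorrect.`) is Django REST framework's CSRF check, which `SessionAuthentication` only runs once a request has been authenticated through the session cookie. That is why an anonymous request sails through and a logged-in one is refused: the logged-in request must carry the value of the `csrftoken` cookie in an `X-CSRFToken` header (Django's double-submit cookie scheme). The block below is an added example, not code from django-oscar-api or from anyone in this thread. It builds the `fetch()` arguments for a session-authenticated add-to-basket call, including the optional `Session-Id` header that `HeaderSessionMiddleware` reads. The endpoint path `/basket/add-product/` and the `{url, quantity}` body follow django-oscar-api's add-product endpoint as I know it; `apiBase`, `productUrl`, the cookie string and the session id value are constructed inputs, and the `Session-Id` value is passed through verbatim, so take its format from the middleware documentation linked above.

```javascript
// Added example (not django-oscar-api's own code): a client-side add-to-basket
// request that satisfies DRF's CSRF enforcement for session-authenticated users.

// Parse one cookie out of a document.cookie-style string. Returns null if absent.
function getCookie(name, cookieString) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Build the fetch() arguments for POST <apiBase>/basket/add-product/.
//   cookieString : document.cookie in a browser (constructed in the test)
//   sessionId    : optional; sent verbatim as the Session-Id header that
//                  HeaderSessionMiddleware reads (format: see its docs)
// Throws if the csrftoken cookie is missing, because DRF would answer 403
// with "CSRF Failed: CSRF token missing or incorrect." in that case anyway.
function buildAddToBasketRequest({ apiBase, productUrl, quantity, cookieString, sessionId }) {
  const csrfToken = getCookie('csrftoken', cookieString);
  if (!csrfToken) {
    throw new Error(
      'csrftoken cookie not set: load a page that sets it (e.g. a view decorated with ensure_csrf_cookie) first'
    );
  }
  const headers = {
    'Content-Type': 'application/json',
    Accept: 'application/json',
    // Double-submit: header value must equal the csrftoken cookie the browser sends.
    'X-CSRFToken': csrfToken,
  };
  if (sessionId) headers['Session-Id'] = sessionId;
  return {
    url: `${apiBase}/basket/add-product/`,
    options: {
      method: 'POST',
      // Send the sessionid and csrftoken cookies along with the request.
      credentials: 'same-origin',
      headers,
      body: JSON.stringify({ url: productUrl, quantity }),
    },
  };
}

// Browser usage; surfaces DRF's "detail" message instead of a bare 403.
async function addToBasket(args) {
  const { url, options } = buildAddToBasketRequest(args);
  const res = await fetch(url, options);
  if (res.status === 403) {
    const { detail } = await res.json();
    throw new Error(`add to basket refused: ${detail}`);
  }
  return res.json();
}
```

If the frontend is served from a different origin than the API, `credentials` has to be `'include'` and the Django side needs a CORS configuration that allows credentials and the `X-CSRFToken` and `Session-Id` headers; `CSRF_TRUSTED_ORIGINS` must then list the frontend origin as well, or the request fails the same check for a different reason.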