Call an endpoint without Authorization header

jpadilla / django-rest-framework-jwt

JSON Web Token Authentication support for Django REST Framework

http://jpadilla.github.io/django-rest-framework-jwt/

MIT License

3.19k stars 648 forks source link

Call an endpoint without Authorization header #469

Closed Li-ReDBox closed 5 years ago

Li-ReDBox commented 5 years ago

I have a view derived from viewsets.ModelViewSet. When I call it with Authorization header, request is checked for authentication. But if I call it without the header, the access is granted.

I found this line of code. It seems to me if the header is not valid it simply returns None instead of raise exception.

Have I correctly read the code?

Li-ReDBox commented 5 years ago

Now I think I know the reason: an application can have multiple authentication backend.