Home/ Questions/Q 8493571
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T23:03:09+00:00

I have a very simple Resource like this for my model ‘Presentacion’ class PresentacionResource(ModelResource):

  • 0

I have a very simple Resource like this for my model ‘Presentacion’

class PresentacionResource(ModelResource):
    model = Presentacion
    fields = (some fields)
    ignore_fields = (few to ignore)

and I need to implement authentication for this, so as I read, I created two wrappers

class AuthListOrCreateModelView(ListOrCreateModelView):
    permissions = (IsAuthenticated, )
class AuthInstanceModelView(InstanceModelView):
    permissions = (IsAuthenticated, )

And then in my in my urls.py

url(r'^presentaciones/$', AuthListOrCreateModelView.as_view(resource=PresentacionResource), name='presentacion-root'),
url(r'^presentaciones/(?P<id>[0-9]+)$', AuthInstanceModelView.as_view(resource=PresentacionResource), name='presentacion'),

This is working fine for the GET ‘presentaciones/’ requests but when I try to make a PUT request, I’m getting a 403 FORBIDDEN

What’s strange to me is that GET is working fine: as long as I’m logged, it’s responding correctly but if I logout it responds with 403 FORBIDDEN.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you are using Django’s session based authentication, then you may be tripping over the CSRF protection built into Django (see UserLoggedInAuthentication class[1]).

    If this is the case, you will need to ensure that a CSRF cookie gets sent to the client and then you can adapt the jQuery instructions[2] to send the X-CSRFToken header with requests that may change data.

    [1] http://django-rest-framework.org/_modules/authentication.html

    [2] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax

    • 0