My API:

    from django.utils.decorators import method_decorator
    from django.views.decorators.csrf import csrf_exempt
    from rest_framework.authentication import BasicAuthentication
    from rest_framework.parsers import MultiPartParser
    from rest_framework.response import Response
    from rest_framework.views import APIView


    class FileUploadView(APIView):
        """A simple API for file upload."""
        parser_classes = (MultiPartParser,)
        authentication_classes = (BasicAuthentication,)

        @method_decorator(csrf_exempt)
        def dispatch(self, request, *args, **kwargs):
            return super(FileUploadView, self).dispatch(request, *args, **kwargs)

        def put(self, request):
            # Debug output: request metadata and the resolved user name
            print("request: %s" % str(request.META))
            print("request: %s" % str(request.user.username))
            try:
                data = {'files': 'testing'}
                response = Response(data)
            except Exception as e:
                print("Exception when put file: %s" % e)
                data = {'error': str(e)}
                response = Response(data)
            return response

The above is my API views.py. I used Postman to do a PUT. I did not add anything in the Authorization header (no HTTP_AUTHORIZATION in the request header), and I can get {'files': 'testing'} as my response.
Why? Is anything missing? Thanks
You added an authentication class but did not restrict access to your view. By default, DRF has unrestricted access. See the documentation section:
If not specified, this setting defaults to allowing unrestricted access:

    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.AllowAny',
    )