I have a social media-type web app and want to have some read-only access even when a user isn't logged in. For example, if the user votes on a poll, I want nothing to happen but the user should still be able to see it. I am using token authorization. I'm wondering, should I do a check on the front-end somehow to see if a user is logged in (perhaps checking for the existence of a token in local storage) and not perform a fetch if they're not? Or should I somehow, in the frontend, handle receiving a 401 response from the backend for trying to access a protected resource? Or should I handle it on the back end and send back a 200 response and let the front end handle receiving a different version of a 200 response?
I'm using Django and React.
The question has the django-rest-framework tag, so I suppose you are using it.
Take a look at the DRF permissions documentation. There is the IsAuthenticatedOrReadOnly permission, which allows read-only access for unauthenticated users (the list and retrieve actions) but only allows create, update and delete to authenticated users.
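As an added illustration (not code from the answer above or from Django REST Framework itself), the following self-contained Python model reproduces what a DRF view declared with permission_classes = [IsAuthenticatedOrReadOnly] and TokenAuthentication does for the poll example in the question. The User, Request, POLLS and poll_view names are constructed stand-ins for the framework objects; only the SAFE_METHODS tuple, the permission rule and the 401-versus-403 behaviour mirror DRF. It shows why the front end sees a 200 for an anonymous read, a 401 for an anonymous vote when token authentication is configured, and a 403 when no authenticator advertises a WWW-Authenticate scheme.

```python
from dataclasses import dataclass
from typing import Optional

# Same tuple DRF exposes as rest_framework.permissions.SAFE_METHODS.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


@dataclass
class User:
    """Stand-in for a Django user; is_authenticated is what DRF checks."""
    username: str
    is_authenticated: bool = True


@dataclass
class Request:
    """Stand-in for a DRF request. user=None models AnonymousUser."""
    method: str
    user: Optional[User] = None


def is_authenticated_or_read_only(request: Request) -> bool:
    """Mirror of IsAuthenticatedOrReadOnly.has_permission: reads are always
    allowed, writes only for an authenticated user."""
    if request.method in SAFE_METHODS:
        return True
    return request.user is not None and request.user.is_authenticated


def denial_status(request: Request, token_auth_enabled: bool) -> int:
    """Status DRF returns when a permission check fails.

    An anonymous caller gets 401 (NotAuthenticated) when an authenticator such
    as TokenAuthentication supplies a WWW-Authenticate header; otherwise, and
    for a logged-in caller who is still not allowed, DRF returns 403.
    """
    anonymous = request.user is None or not request.user.is_authenticated
    if anonymous and token_auth_enabled:
        return 401
    return 403


# Constructed sample data standing in for a Poll model.
POLLS = {1: {"question": "Tabs or spaces?", "votes": {"tabs": 3, "spaces": 5}}}


def poll_view(request: Request, poll_id: int, choice: Optional[str] = None,
              token_auth_enabled: bool = True):
    """Models a viewset with permission_classes = [IsAuthenticatedOrReadOnly].

    GET returns the poll to anyone; POST records a vote only for an
    authenticated user. Returns (status_code, body) like a DRF Response.
    """
    if not is_authenticated_or_read_only(request):
        return denial_status(request, token_auth_enabled), {
            "detail": "Authentication credentials were not provided."
        }
    poll = POLLS[poll_id]
    if request.method == "GET":
        return 200, poll
    if request.method == "POST":
        # A real view would persist this; here we return an updated copy so the
        # sample data stays unchanged between calls.
        votes = dict(poll["votes"])
        votes[choice] = votes.get(choice, 0) + 1
        return 201, {"question": poll["question"], "votes": votes}
    return 405, {"detail": "Method not allowed."}


if __name__ == "__main__":
    print(poll_view(Request("GET"), 1))                          # anonymous read: 200
    print(poll_view(Request("POST"), 1, "tabs"))                 # anonymous vote: 401
    print(poll_view(Request("POST", User("alice")), 1, "tabs"))  # logged-in vote: 201
```

The practical upshot for the React side: let the anonymous user fetch polls normally, and treat a 401 on the vote request as "prompt to log in" rather than as an error. Whether the denial arrives as 401 or 403 depends on which authentication classes the view lists, so check that TokenAuthentication is actually in authentication_classes (or DEFAULT_AUTHENTICATION_CLASSES) before the front end relies on 401.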