I am implementing a post commenting mechanism in DRF using ListCreateAPIView. Using ReactJS, I wanna allow anonymous visitors to comment on a post. I am able to do so only when the csrftoken is available (which means a user must be logged in for the csrftoken to be available).
But I wanna enforce commenting for unauthenticated users/anonymous site visitors. Do you guys know any way to do this, maybe without requiring csrftoken. Or if the token is really needed, is there any way to generate it without relying on Django's authentication process?
I'm knew to Django I badly need direction for this feature I'm developing.
Thanks a heap!
views.py
class APIListCreate__PostComment(generics.ListCreateAPIView):
queryset = PostComment.objects.all().order_by('-created_at')
serializer_class = PostCommentSerializer
permission_classes = [permissions.AllowAny]
pagination_class = None
filter_backends = (DjangoFilterBackend,)
filterset_class = APICustomFilter__PostComment
def get_queryset(self):
# this code block aims to paginate result
# when 'pagination=True' query param is detected in the URL
if self.request.query_params.get('pagination'):
if self.request.query_params.get('pagination') == 'True':
self.pagination_class = APIPagination
return self.queryset
def perform_create(self, serializer):
serializer.save(user=self.request.user)
DRF settings
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
'rest_framework.permissions.IsAuthenticatedOrReadOnly',
),
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
]
}
