Is there a way to send auth headers from client to the server and read them?
I've a mobile app (Ionic + StencilJS), so its necessary to login the user with the Token, but I can't figure out how to pass it through a header, only in querystring but that is not safe. I'm using the following custom AuthMiddleware for querystring, the Token model is the one of DRF: class TokenAuthMiddleware: """ Custom middleware (insecure) that takes user Tokens from the query string. """ def __init__(self, inner): # Store the ASGI application we were passed self.inner = inner def __call__(self, scope): query_string = scope['query_string'].decode() token = get_query_field(query_string, 'token') if token: close_old_connections() try: token = Token.objects.get(key=token) scope['user'] = token.user except Token.DoesNotExist: scope['user'] = AnonymousUser() return self.inner(scope) TokenAuthMiddlewareStack = lambda inner: TokenAuthMiddleware(AuthMiddlewareStack(inner)) -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/065158aa-c5c3-4b39-bf45-f915039405d4%40googlegroups.com.
