my request.user is anonymous

yutianyang1 · March 30, 2022, 2:22am

when I use firefox or edge,after I use user=authenticate(request,username=username,password=password)
login(request,user),
and then I reload my front-end page, the request.user is still anonymous,but when I use chrome, it login successfully,what’s wrong?

zakari-abdoul · March 30, 2022, 11:43am

I don’t really know exactly what happened but you can check these hypotheses:

Clear your browsers cache or just navigate with private window.
insert the @login_required decorator on the view
you can also verifie if the request.user.is_anonymous returns True.

yutianyang1 · March 30, 2022, 12:20pm

thank you,I insert the @login_required and the front-end page console said ```www.ytysite.ltd/:1

   Access to XMLHttpRequest at 'https://ytysite.ltd/accounts/login/?next=/settings/login/%3Fusername%3Dadmin%26password%3DyangT521.' (redirected from 'https://ytysite.ltd/settings/login?username=admin&password=yangT521.') from origin 'https://www.ytysite.ltd' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. ``` on edge,and the chrome still login successfully

zakari-abdoul · March 30, 2022, 12:26pm

you obviously using Django Rest Framework ?
So you need to include the CORS management systems in your settings file.
It allow your front to be able to communicate with the back.

zakari-abdoul · March 30, 2022, 12:35pm

You need these:

python -m pip install django-cors-headers

In your installed app, insert this

```
 'corsheaders',
```

)

In your MIDDLEWARE, insert this


  'corsheaders.middleware.CorsMiddleware',
  'django.middleware.common.CommonMiddleware',

]``

After find somewhere at bottom to insert this

CORS_ALLOWED_ORIGINS = [*]

this is the link for further informations Cors

yutianyang1 · March 30, 2022, 1:14pm

thank you so much! but my console error changes to www.ytysite.ltd/:1

   Access to XMLHttpRequest at 'https://ytysite.ltd/settings/getinfo/?platform=web' from origin 'https://www.ytysite.ltd' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'https://www.ytysite.ltd, https://www.ytysite.ltd', but only one is allowed.

zakari-abdoul · March 30, 2022, 1:28pm

Try to put ‘*’ which means “all” in CORS_ALLOWED_ORIGINS = ['*']
and add CORS_ORIGIN_ALLOW_ALL = True

Don’t forget the link in my third point

yutianyang1 · March 30, 2022, 2:10pm

Is it related to my nginx? there is a add_header 'Access-Control-Allow-Origin' '*' in my nginx.conf

zakari-abdoul · March 30, 2022, 2:39pm

I don’t think so, try to have access without the NGINX server to see the behavior .

yutianyang1 · March 31, 2022, 2:53am

I delete the add_header in my nginx.conf and the console error changed to
GET https://ytysite.ltd/accounts/login/?next=/settings/login/%3Fusername%3Dyty%26password%3DyangT521. 404 (Not Found)
now when I login

Topic		Replies	Views
Access to XMLHttpRequest has been blocked by CORS policy Forms & APIs	15	8003	August 3, 2024
LOGIN_URL to my another server Mystery Errors	0	307	January 18, 2024
Django CORS Headers Forms & APIs	3	1248	April 28, 2023
Django and CORS Getting Started	8	26597	January 29, 2024
Cross-Origin request failed from React Forms & APIs	0	308	April 4, 2024

my request.user is anonymous

Related topics