Accessing river Admin leads to 403 Forbidden Error

[rupin]

Describe the bug
I try and access http:///river-admin

To Reproduce
Steps to reproduce the behavior:

1. With Django version 2.2
2. With Python version 3.6.9

Expected behavior
I expected the River Admin to load.

Screenshots

*POSTGRESQL 10

Additional context
If permission classes are added in settings, a 403 error is recieved.
I have the following added in my settings.py
REST_FRAMEWORK = {
# Use Django's standard django.contrib.auth permissions,
# or allow read-only access for unauthenticated users.
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated'
],
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication', # <-- And here
'rest_framework.authentication.SessionAuthentication',
#'rest_framework.authentication.BasicAuthentication'
'rest_framework.authentication.BasicAuthentication'

],
'EXCEPTION_HANDLER': 'river_admin.views.exception_handler'

}

When the DEFAULT_PERMISSION_CLASSES are removed, the page loads, but no authentication happens as shown in the screenshot.

[javrasya]

Hi @rupin ,

How do you see that it is 403? An on which screen?

The rest framework settings should be as it is stated in the documentation;

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    ],
    'EXCEPTION_HANDLER': 'river_admin.views.exception_handler'
}

river-admin is authentication through two channels; Basic auth which is for the first time you log in and token-based which is for after login. The moment you log in, a token is generated as to reside in your browser session like a cookie and then that token keeps getting used for all the API calls.

[rupin]

When I try to access /river-admin I get a 403 Error.

See a video of this in action here https://www.loom.com/share/2f161ad4a8604de0898b87a182e21c2a

I understand the settings as stated in the documentation. But I also have a permission class

'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated'
],

Which when removed from my settings, leads to the login page being visible. What are the login credentials to river-admin? these are not the same as the django admin interface?

[agriev]

in safari:

and csrf token presents in request.

in chrome everything is correct

[redbearder]

I also face this issue
and simple way to fix that is delete csrf cookie in browser developer console
root cause has not been found
later

[VaZark]

I faced the same error but on adding "rest_framework.authtoken" along with "rest_framework", it started working.