Vue.js 使用DRF simple jwt的未受保护API的401错误
我正在写一个drf+vue网站 drf后端有一些受保护的api:Vue.js 使用DRF simple jwt的未受保护API的401错误,vue.js,django-rest-framework,axios,django-rest-framework-simplejwt,Vue.js,Django Rest Framework,Axios,Django Rest Framework Simplejwt,我正在写一个drf+vue网站 drf后端有一些受保护的api: class UserProfileViewSet(mixins.ListModelMixin, mixins.RetrieveModelMixin, mixins.UpdateModelMixin, viewsets.GenericViewSet): serializer_
class UserProfileViewSet(mixins.ListModelMixin,
mixins.RetrieveModelMixin,
mixins.UpdateModelMixin,
viewsets.GenericViewSet):
serializer_class = UserProfileRUSerializer
permission_classes = [permissions.IsAuthenticated, ]
...
还有一些未受保护的视图
class TopicViewSet(mixins.CreateModelMixin,
mixins.ListModelMixin,
mixins.RetrieveModelMixin,
mixins.UpdateModelMixin,
viewsets.GenericViewSet):
serializer_class = TopicSerializer
permission_classes = [permissions.AllowAny,]
...
我使用drf simple jwt生成令牌:
# setting.py
SIMPLE_JWT = {
# 5 seconds life time is very easy to test
'ACCESS_TOKEN_LIFETIME': timedelta(seconds=5),
'REFRESH_TOKEN_LIFETIME': timedelta(days=14),
'ROTATE_REFRESH_TOKENS': True
}
在前端,我使用axios:
axios.interceptors.request.use(config => {
config.headers.Authorization = 'Bearer ' + window.localStorage.getItem("token")
return config
})
行为:
class UserProfileViewSet(mixins.ListModelMixin,
mixins.RetrieveModelMixin,
mixins.UpdateModelMixin,
viewsets.GenericViewSet):
serializer_class = UserProfileRUSerializer
permission_classes = [permissions.IsAuthenticated, ]
...
- 登录后,我得到一个令牌并刷新令牌
- 在5秒钟内,我可以正常访问受保护视图和未受保护视图
- 5秒钟后,我从受保护的视图中得到一个401错误(这是预期的)
- 但是我也从未受保护的视图中得到了一个401错误(这是不可预料的)
class UserProfileViewSet(mixins.ListModelMixin,
mixins.RetrieveModelMixin,
mixins.UpdateModelMixin,
viewsets.GenericViewSet):
serializer_class = UserProfileRUSerializer
permission_classes = [permissions.IsAuthenticated, ]
...
当使用无效的令牌向未受保护的api发出请求时,响应为401,这是预期响应吗
(我认为api未受保护,因此令牌将被忽略,返回200成功)
非常感谢