I've been updating my site to a new versions of django/drf from 1.7 to 1.10/2.3 to 3.5.
Now im facing this problem, i am wondering whats causing this.
Forbidden 403 when i request to delete certain email. Post method works thou like a charm
viewsets.py
class EmailReminderViewSet(viewsets.ModelViewSet):
queryset = EmailReminder.objects.all()
permission_classes = [permissions.AllowAny, ]
serializer_class = EmailReminderSerializer
lookup_value_regex = ("@[a-zA-Z0-9_.+-]")
in angular
$http.defaults.headers.common['X-CSRFToken'] = $cookies.csrftoken;
$http.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
Using defaultrouter with no basename for this viewset
But still getting 403 forbidden. Even if i input wrong email address it wouldnt return query with item not found.
Every bit of information how to fix this would be so awesome guys, i've spent more than 40h on this one.
I need to be able to allow both delete and post methods. Post method does work.
Oh, i even tryed disabling middleware csrf and in that case it returned 405 method not allowed.
Site is also using SMS reminder which works for both post/delete methods.