403 Error "Authentication credentials were not provided" in Safari, but not in Chrome, Edge, Firefox, etc. [Django + Next.js]

Question

Currently i'm having problems running my page in Safari and iOS devices.

The main problem is that Safari is returning 403 errors in some endpoints, but the token was sent and this is only happening in this browser.

For example: The following endpoint was called at the same time, the first one in Windows + Chrome and the other in Macbook + Safari 14. The query strings, the url and the token are the same for both requests.

get_quantites enpoint with status 200

get_quantites enpoint with status 200 - headers

get_quantites enpoint with status 403

I'm using django-rest-framework authentication token Setup implemented here

Some useful code here:

settings.py

REST_FRAMEWORK = {
    'DEFAULT_SCHEMA_CLASS': 
    'rest_framework.schemas.coreapi.AutoSchema',
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'users.authentication.SafeJWTAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    )
}

Endpoint

class JkmdWastagecategoriesViewSet(ModelViewSet):
queryset = JkmdWastagecategories.objects.order_by('pk')
serializer_class = JkmdWastagecategoriesSerializer

@action(detail=False)
def get_categories(self, request):
    """
    Recieve a machine name as machine_name and return
    the wastages categories
    """
    data = []
    machine_name = request.GET.get('machine_name')
  
    machine = JkmdMachine.objects.filter(name=machine_name).first()

    if machine:
        categories_pl = JkmdWastagecategories.objects.filter(
            production_line=machine.machine_group.operation.process.production_line,
        )
        serializer_pl = JkmdWastagecategoriesSerializer(
            categories_pl, many=True)
        if serializer_pl:
            data += serializer_pl.data

        categories_one = JkmdWastagecategories.objects.filter(
            operation=machine.machine_group.operation,
        )
        serializer_one = JkmdWastagecategoriesSerializer(
            categories_one, many=True)
        if serializer_one:
            data += serializer_one.data

        categories_two = JkmdWastagecategories.objects.filter(
            machine_group=machine.machine_group,
        )
        serializer_two = JkmdWastagecategoriesSerializer(
            categories_two, many=True)
        if serializer_two:
            data += serializer_two.data

        categories_three = JkmdWastagecategories.objects.filter(
            machine=machine,
        )

        serializer_three = JkmdWastagecategoriesSerializer(
            categories_three, many=True)
        if serializer_three:
            data += serializer_three.data

    return Response(data, status=status.HTTP_200_OK)

custom axios object

const service = axios.create();

service.interceptors.request.use(
  function (config) {
    let cancel;
    // Set the cancelToken object
    config.cancelToken = new axios.CancelToken(function (c) {
      cancel = c;
    });
    // Prevent repeated requests. When the previous request is not completed, the same request will not proceed
    stopRepeatRequest(
      reqList,
      config.url,
      cancel,
      `${config.url}  Request interrupted`
    );
    const token = window.localStorage.getItem("access_token");
    if (token) {
      config.headers["Authorization"] = `Token ${token}`;
    }
    config.headers["Content-Type"] = "application/json";
    return config;
  },
  function (error) {
    return Promise.reject(error);
  }
);

The requests and responses are currently manage with redux.

Sorry but the amount of information is totally insufficient to provide any help. "some endpoints"? What makes these endpoints different than others which work? Where is any source code of these endpoints to show us what's going on there? Also please post all information as text instead of images - request/response dump can be easily written in plaintext. — yedpodtrzitko, Sep 20 '21 at 21:34
@yedpodtrzitko I posted the question by mistake without the code and the images, but is already edited. — Diego Oquendo, Sep 20 '21 at 21:56

score 2 · Accepted Answer · answered Sep 21 '21 at 22:35

After spending some time searching for answers, I finally got it.

This post gave me the idea and maybe some endpoints were not dealing correctly with routes standards of DRF and was right:

Some endpoints has no "/" before the query strings

- axios.get(`.../get_quantities?machine_name=${machine_name}`)
+ axios.get(`.../get_quantities/?machine_name=${machine_name}`)

Some endpoints has no "/" at the end

- axios.get('.../get_pb_list')
+ axios.get('.../get_pb_list/')

403 Error "Authentication credentials were not provided" in Safari, but not in Chrome, Edge, Firefox, etc. [Django + Next.js]

1 Answers1