I'm building an API using DRF and will be using it with a React SPA. 

I've chosen session authentication for my project because of the following 
reasons:

   - It's built-in to DRF, so no dependence on 3rd party developers (a lot 
   of auth packages or their dependencies are not maintained)
   - CSRF + Cookie protection
   - Ability to use Secure and HTTPOnly cookies

However, I'm aware that it's recommended that we use Django's 
authentication views for the authentication pages and the single page app 
for the post authentication API calls.

In this scenario, there are some views (i.e. Login, Logout, Password Reset, 
Register) for which the server responds with HTML and the rest return JSON. 
I would like to use different subdomains for these views, i.e. one 
subdomain for the HTML views and a different subdomain for the JSON views.

I'm a Django newbie and would really appreciate some suggestions on the 
best way to handle the separation of subdomains. I have some idea that the 
few ways I could achieve this are:

   - using django-hosts
   - using django sites (although I'm not sure if the cookie made by one 
   site, would work on the other)
   - point 2 domains to my server and handle the separation bit in urls.py 
   with urlpatterns


In order to get my cookies working with my SPA, I will set the cookie 
domain appropriately and also use credentials with my XHR calls.

Look forward to receiving some suggestions on what would be the best / 
simplest way to handle this, thanks!

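As an added example (not part of the original post), the check below shows when a session cookie set by the HTML auth subdomain is actually sent to the JSON API subdomain, and flags the related Django settings. The hostnames `auth.example.com`, `api.example.com` and the SPA origin `https://app.example.com` are assumptions, as is the SPA being served from its own origin; the setting names are Django's own.

```python
from urllib.parse import urlsplit

# Django's defaults for the settings checked below.
DEFAULTS = {"SESSION_COOKIE_DOMAIN": None, "SESSION_COOKIE_SECURE": False,
            "SESSION_COOKIE_HTTPONLY": True, "CSRF_TRUSTED_ORIGINS": []}

def domain_match(host, cookie_domain):
    """RFC 6265 domain-match: host equals the domain or is a subdomain of it."""
    domain = cookie_domain.lower().lstrip(".")
    return host.lower() == domain or host.lower().endswith("." + domain)

def cookie_reaches(set_by, target, cookie_domain):
    """Would a cookie set by host `set_by` be sent to host `target`?"""
    if not cookie_domain:  # no Domain attribute: host-only cookie
        return set_by.lower() == target.lower()
    # Browsers reject a Domain that does not cover the host that set it.
    return domain_match(set_by, cookie_domain) and domain_match(target, cookie_domain)

def origin_trusted(origin, trusted):
    """Exact entries, plus Django's 'https://*.example.com' wildcard form."""
    o = urlsplit(origin)
    for e in map(urlsplit, trusted):
        wild = e.netloc.startswith("*.") and o.netloc.endswith(e.netloc[1:])
        if e.scheme == o.scheme and (e.netloc == o.netloc or wild):
            return True
    return False

def audit(settings, auth_host, api_host, spa_origin):
    """List problems with sharing a Django session between two subdomains."""
    cfg = {**DEFAULTS, **settings}
    problems = []
    if not cookie_reaches(auth_host, api_host, cfg["SESSION_COOKIE_DOMAIN"]):
        problems.append("session cookie set on %s is not sent to %s" % (auth_host, api_host))
    if not cfg["SESSION_COOKIE_SECURE"]:
        problems.append("SESSION_COOKIE_SECURE is off")
    if not cfg["SESSION_COOKIE_HTTPONLY"]:
        problems.append("SESSION_COOKIE_HTTPONLY is off")
    if not origin_trusted(spa_origin, cfg["CSRF_TRUSTED_ORIGINS"]):
        problems.append("%s missing from CSRF_TRUSTED_ORIGINS" % spa_origin)
    return problems

# Constructed sample values; the example.com hosts are placeholders.
WEAK = {}  # Django defaults: host-only session cookie
FIXED = {"SESSION_COOKIE_DOMAIN": ".example.com", "SESSION_COOKIE_SECURE": True,
         "CSRF_TRUSTED_ORIGINS": ["https://app.example.com"]}
```

With the defaults the session cookie is host-only, so a login on the auth subdomain never reaches the API subdomain; setting `SESSION_COOKIE_DOMAIN` to the parent domain shares it with every subdomain of that domain, which is the trade-off to weigh.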