I'm building an API using DRF and will be using it with a React SPA. I've chosen session authentication for my project because of the following reasons:
- It's built-in to DRF, so no dependence on 3rd party developers (a lot of auth packages or their dependencies are not maintained)
- CSRF + Cookie protection
- Ability to use Secure and HTTPOnly cookies

However, I'm aware that it's recommended that we use Django's authentication views for the authentication pages and the single page app for the post authentication API calls. In this scenario, there are some views (i.e. Login, Logout, Password Reset, Register) for which the server responds with HTML and the rest return JSON.

I would like to use different subdomains for these views, i.e. a different subdomain for the HTML views and a different subdomain for the JSON views. I'm a Django newbie and would really appreciate some suggestions on the best way to handle the separation of subdomains. I have some idea that the few ways I could achieve this are:

- using django-hosts
- using django sites (although I'm not sure if the cookie made by one site would work on the other)
- point 2 domains to my server and handle the separation bit in urls.py with urlpatterns

In order to get my cookies working with my SPA, I will set the cookie domain appropriately and also use credentials with my XHR calls.

Look forward to receiving some suggestions on what would be the best / simplest way to handle this, thanks!
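An added sketch of the third option in the post (two hostnames on one Django project), not code from the original message or from DRF. It pairs parent-domain cookie settings with a middleware that picks the URLconf per host through Django's `request.urlconf` hook. The hostnames, the `myproject.urls_*` module paths, the SPA origin and the Django 4.0+ form of `CSRF_TRUSTED_ORIGINS` are assumptions.

```python
# settings.py fragment (constructed values; example.com stands in for the real domain)
PARENT_DOMAIN = ".example.com"

ALLOWED_HOSTS = ["auth.example.com", "api.example.com"]

# Scope both cookies to the parent domain so a session created on the
# HTML auth host is also sent to the JSON API host.
SESSION_COOKIE_DOMAIN = PARENT_DOMAIN
CSRF_COOKIE_DOMAIN = PARENT_DOMAIN
SESSION_COOKIE_SECURE = True      # only sent over HTTPS
SESSION_COOKIE_HTTPONLY = True    # not readable from JavaScript
CSRF_COOKIE_SECURE = True
# CSRF_COOKIE_HTTPONLY stays False (the default): the SPA has to read the
# csrftoken cookie to send it back in the X-CSRFToken header.
CSRF_TRUSTED_ORIGINS = ["https://app.example.com"]  # assumed SPA origin

# Hypothetical URLconf modules: one with the HTML auth views, one with the API.
HOST_URLCONFS = {
    "auth.example.com": "myproject.urls_auth",
    "api.example.com": "myproject.urls_api",
}


def urlconf_for_host(host):
    """Return the URLconf module path for a Host header value, or None."""
    hostname = host.split(":")[0].lower()   # drop any port, normalise case
    return HOST_URLCONFS.get(hostname)


class HostURLConfMiddleware:
    """Route each request to the URLconf that belongs to its hostname.

    Django uses request.urlconf instead of ROOT_URLCONF when it is set, so
    the login/logout pages never resolve on the API host and vice versa.
    """

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # get_host() already enforces ALLOWED_HOSTS in Django.
        urlconf = urlconf_for_host(request.get_host())
        if urlconf is not None:
            request.urlconf = urlconf
        # Unmapped hosts fall through to ROOT_URLCONF; keep that one empty
        # so nothing is served on a host that was not listed on purpose.
        return self.get_response(request)
```

With the cookies scoped to the parent domain, every subdomain under it receives the session cookie, so any other site hosted under that domain shares the same trust boundary.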