403 error on user requests
Steps to Reproduce:
- Sign into a non-administrative user
- Attempt to retrieve another user from GET /auth/users/:userid/
Expected results:
The user is sent back.
Actual results:
403 error.
This was broken by https://github.com/sunscrapers/djoser/commit/0d36af98ac26691678ac11b91d4b04c2e0e59a69. It completely restricts access to other users, rather than limiting it to read-only.
Issue Analytics
- State:
- Created 5 years ago
- Comments:5 (2 by maintainers)
OK, I think I have an elegant solution 😃
@dekoza IIRC that functionality is already handled by the split between the regular user serializer and the current user serializer. Private user fields could be excluded from the former and included in the latter.
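The read-only behaviour the issue asks for, combined with the serializer split suggested in the last comment, as an added example that is not djoser's code. It is a framework-free Python model; the `User` class, the field lists and the function names are hypothetical, and which fields count as private is an assumption.

```python
from dataclasses import dataclass, asdict

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Assumption: id and username are safe to show to any authenticated user,
# email is private and only visible to the owner or an admin.
PUBLIC_FIELDS = ("id", "username")
PRIVATE_FIELDS = PUBLIC_FIELDS + ("email",)


@dataclass(frozen=True)
class User:
    id: int
    username: str
    email: str
    is_staff: bool = False


def is_owner_or_admin(requester, target):
    return requester.is_staff or requester.id == target.id


def authorize(requester, target, method):
    """HTTP status for `requester` using `method` on `target`'s user resource."""
    if requester is None:
        return 401  # unauthenticated callers get nothing
    if is_owner_or_admin(requester, target):
        return 200  # full access to own record (or any record for admins)
    # Other authenticated users: read-only, never a write.
    return 200 if method in SAFE_METHODS else 403


def serialize_user(requester, target):
    """Pick the field set by relationship, mirroring a regular/current serializer split."""
    fields = PRIVATE_FIELDS if is_owner_or_admin(requester, target) else PUBLIC_FIELDS
    data = asdict(target)
    return {name: data[name] for name in fields}


def handle(requester, target, method):
    status = authorize(requester, target, method)
    body = serialize_user(requester, target) if status == 200 and method == "GET" else None
    return status, body


if __name__ == "__main__":
    # Constructed sample users.
    alice = User(1, "alice", "alice@example.test")
    bob = User(2, "bob", "bob@example.test")
    print(handle(alice, bob, "GET"))    # read allowed, private fields withheld
    print(handle(alice, bob, "PATCH"))  # write to another user refused
```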