From b47b36684798f87187b65a97efbf201314a9b0a9 Mon Sep 17 00:00:00 2001 From: sobolevn Date: Tue, 3 Feb 2026 16:30:18 +0300 Subject: [PATCH] Fix typo in `authentication.md` (#9880) --- docs/api-guide/authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md index a00a3873f..e4fff74a6 100644 --- a/docs/api-guide/authentication.md +++ b/docs/api-guide/authentication.md @@ -89,7 +89,7 @@ Note that when a request may successfully authenticate, but still be denied perm ## Django 5.1+ `LoginRequiredMiddleware` -If you're running Django 5.1+ and use the [`LoginRequiredMiddleware`][login-required-middleware], please note that all views from DRF are opted-out of this middleware. This is because the authentication in DRF is based authentication and permissions classes, which may be determined after the middleware has been applied. Additionally, when the request is not authenticated, the middleware redirects the user to the login page, which is not suitable for API requests, where it's preferable to return a 401 status code. +If you're running Django 5.1+ and use the [`LoginRequiredMiddleware`][login-required-middleware], please note that all views from DRF are opted-out of this middleware. This is because the authentication in DRF is based on authentication and permissions classes, which may be determined after the middleware has been applied. Additionally, when the request is not authenticated, the middleware redirects the user to the login page, which is not suitable for API requests, where it's preferable to return a 401 status code. REST framework offers an equivalent mechanism for DRF views via the global settings, `DEFAULT_AUTHENTICATION_CLASSES` and `DEFAULT_PERMISSION_CLASSES`. They should be changed accordingly if you need to enforce that API requests are logged in.