Couple of reasons why we needed to do it. 1. Allow auth to be controlled per-view. 2. Ensure that CSRF is only required for session authentication. (While still supporting both session and non-session auth)
Something similar could be ported into Django core, the question there is less “would that be reasonable” and more “who’s motivated to take that on?” It’s mean plenty of work, plus questions about the upgrade path from REST framework. -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
