haha

server/api/auth.py

@@ -5,7 +5,7 @@
 import uuid
 
 from rest_framework import status
-from rest_framework.decorators import api_view, permission_classes
+from rest_framework.decorators import api_view, authentication_classes, permission_classes
 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 
@@ -15,6 +15,7 @@ from server.serializers import LoginSerializer
 
 
 @api_view(["POST"])
+@authentication_classes([])  # 登录接口不校验 Cookie token，避免未带 Cookie 时被默认权限判为 403
 @permission_classes([AllowAny])
 def login(request):
     """