Django - Datatables with Rest Framework

I am using this library for datatables in django-rest. Everything is working fine expect request.user session in views. It seems to me django-datatable is not authenticating the user token and therefore request.user returns anonymous user. And the same is accessible even without sending user token in headers.

Here is my code :

class MyDataTableView(BaseDatatableView):
    model = MyModel
    columns = [***columns** ]
    order_columns = [***columns**]

    def get_initial_queryset(self):
        initial queryset for 
        self.request.user -----> returns antonymous user 

        queryset = self.model.objects
        return queryset


Have You tried to subclass BaseDatatableView and overwrite its .get like:

def get(self, *args, **kwargs):
    super().get(*args, **kwargs)

My guess is that get_initial_queryset can be invoked before actual request dispatch, so the user is anonymous there. When You look into the code of django_datatables/, there is a mixin called JsonResponseMixin. It's GET method is directly responsible for request processing, so You should look for Your answers there. The easiest way - subclass it and overwrite the method.

Have you added the token JS to the Datatables initiation JS file? django-datatables just creates the correct JSON string. Initiating the cookie is different.

I fought with this a while and my missing piece was that I had to get and set the cookie:

// using jQuery
function getCookie(name) {
    var cookieValue = null;
    if (document.cookie && document.cookie !== '') {
        var cookies = document.cookie.split(';');
        for (var i = 0; i < cookies.length; i++) {
            var cookie = jQuery.trim(cookies[i]);
            // Does this cookie string begin with the name we want?
            if (cookie.substring(0, name.length + 1) === (name + '=')) {
                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
    return cookieValue;
var csrftoken = getCookie('csrftoken');

function csrfSafeMethod(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    beforeSend: function(xhr, settings) {
        if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
            xhr.setRequestHeader("X-CSRFToken", csrftoken);

this is above where I set the Datatables params for example :

let table = $('#datatables').DataTable({
    "processing": true,
    "serverSide": true,
     stateSave: true,
    "ajax": {


Need Your Help

Attacks on WPF applications

.net wpf security

What attacks or security vulnerabilities are specific to WPF applications?

Using a libgdx com.badlogic.gdx.Preferences in the Main class?

java nullpointerexception libgdx main

I want to start a libgdx game using preferences saved from the options menu in the game when it is started back up. But whenever i try to instantiate a preferences file, i get a null pointer except...