http 403 forbidden authentication credentials were not provided

[ehsandeihimi]

My live site decided to throw a 403 Forbidden error yesterday on authenticated users when calling an Ajax API and I've trying to troubleshoot with no success. I am using Django-rest-framework on DigitalOcean droplet. The problem I get is on the live server. The localhost on my machine works fine when DEBUG = True in my settings.py, but the same code throws the following error on the live server:

HTTP 403 Forbidden
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "detail": "Authentication credentials were not provided."
}

My rest framework setting in settings.py:

## REST framework default permissions
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ]
}

Since the browsable API requires SessionAuthentication, I tried the following with no success:

## REST framework default permissions
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
       'rest_framework.authentication.SessionAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ]
}

I did look at Django Rest Framework Docs and it seems to suggest that if my user is logged in, the Ajax calls after login should work fine. Am I missing something? Really appreciate your input

UPDATE 1:

When I run the command:

sudo journalctl -u gunicorn -n 25

One of the things I see is gunicorn[820]: Session data corrupted

I did restart the server, hoping that by logging back in, the new session data will be generated, but the same message is displayed. The logged in user is still not able to view the data the ajax call is trying to fetch. How do I resolve the sessions data corrupted message. I am guessing this affects the DRF authenticating the request

[aryaraj132]

If your client is not on the same host as your app, consider adding cors header to your app and see if it solves the problem.

Let me know here if it does or doesn't