gx14

Reputation: 263

Getting 'AnonymousUser' object has no attribute 'attribute' exception with DRF

I've just changed to a new domain for my remote server, which was already serving JSON via Django Rest Framework (2.4.x).

Prior to the change, it smoothly authenticated users. However, after the switch, it's now throwing the error mentioned in the title.

Feels like a CSRF thing, but I don't know what to fix, or where to sleuth.

Pointers?

Edit:

Traceback:

Traceback (most recent call last):
  File ".../project_path/project_name/urls.py", line 584, in list
    related_field = self.request.user.relatedfield
AttributeError: 'AnonymousUser' object has no attribute 'relatedfield'

DRF Settings:

REST_FRAMEWORK = {
    'DEFAULT_RENDERER_CLASSES': (
        'rest_framework.renderers.JSONRenderer',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
    'DEFAULT_FILTER_BACKENDS': (
        'rest_framework.filters.DjangoFilterBackend',
    ),
    'PAGINATE_BY': 10,                 # Default to 10
    'PAGINATE_BY_PARAM': 'page_size',  # Allow client to override, using `?page_size=xxx`.
    'MAX_PAGINATE_BY': 999             # Maximum limit allowed when using `?page_size=xxx`.
}

Upvotes: 0

Views: 1337

Answers (2)

Seenu S

Reputation: 3481

This library helps with cross-site domain requests: django-cors-headers. The cors-headers app will add Cross-Origin Resource Sharing headers to responses. Read about the CORS mechanism.

CORS_ALLOW_HEADERS: specify which non-standard HTTP headers can be used when making the actual request

settings.py

INSTALLED_APPS = (
    ...
    'corsheaders',
    ...
)
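MIDDLEWARE_CLASSES = (
    ...
    # CorsMiddleware is listed before CommonMiddleware so the CORS headers
    # are added before CommonMiddleware can generate a response.
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
)
# Request headers the browser is allowed to send on the cross-origin request.
CORS_ALLOW_HEADERS = (
    'x-requested-with',
    'content-type',
    'accept',
    'origin',
    'authorization',
    'x-csrftoken',
)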

Upvotes: 1

Rahul Gupta

Reputation: 47906

I think that since you are making requests from a different domain, the authentication is not able to work correctly.

Since you are using SessionAuthentication, it enforces the use of a CSRF token, and the whole purpose of the CSRF check is to avoid cross-site request forgeries.

Upvotes: 1
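
An added example, not from either answer or from the question's project: a standard-library Python check of the domain-bound settings that the question and both answers touch (allowed host, cookie scope, CORS origin and request headers) after a move to a new host. The helper names, the hostnames and the SAMPLE settings are constructed for illustration, and the cookie check ignores public-suffix rules.

```python
# Added example. Hostnames and SAMPLE are constructed; helper names are hypothetical.

def domain_match(host, cookie_domain):
    """RFC 6265 domain-match: would a browser send this cookie to `host`?"""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def host_allowed(host, patterns):
    """Django's ALLOWED_HOSTS rule: '*' matches any host, '.x' matches x and subdomains."""
    host = host.lower()
    for p in (p.lower() for p in patterns):
        if p in ("*", host) or (p.startswith(".") and (host == p[1:] or host.endswith(p))):
            return True
    return False


def audit(settings, api_host, client_origin):
    """Return findings for settings that are still bound to the old domain."""
    findings = []
    if not host_allowed(api_host, settings.get("ALLOWED_HOSTS", [])):
        findings.append("ALLOWED_HOSTS does not cover " + api_host)
    for key in ("SESSION_COOKIE_DOMAIN", "CSRF_COOKIE_DOMAIN"):
        dom = settings.get(key)  # None means a host-only cookie: nothing to fix
        if dom and not domain_match(api_host, dom):
            findings.append(key + "=" + dom + " does not match " + api_host)
    # Compared verbatim: the entry format depends on the django-cors-headers release.
    if not settings.get("CORS_ORIGIN_ALLOW_ALL") and \
            client_origin not in settings.get("CORS_ORIGIN_WHITELIST", ()):
        findings.append("CORS_ORIGIN_WHITELIST lacks " + client_origin)
    if "CORS_ALLOW_HEADERS" in settings:  # unset means the package default applies
        allowed = {h.lower() for h in settings["CORS_ALLOW_HEADERS"]}
        for header in ("authorization", "x-csrftoken"):  # JWT/Basic and session CSRF
            if header not in allowed:
                findings.append("CORS_ALLOW_HEADERS lacks " + header)
    return findings


SAMPLE = {  # constructed: the cookie and host settings still name the old domain
    "ALLOWED_HOSTS": [".old-domain.example"],
    "SESSION_COOKIE_DOMAIN": ".old-domain.example",
    "CSRF_COOKIE_DOMAIN": None,
    "CORS_ORIGIN_WHITELIST": ("app.new-domain.example",),
    "CORS_ALLOW_HEADERS": ("content-type", "authorization", "x-csrftoken"),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, "api.new-domain.example", "app.new-domain.example"):
        print(finding)
```

An empty result only means these settings agree with the new host; a session cookie issued under the old domain still has to be replaced by logging in again.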
