Deprecation warning for APIs that do not use auth · Issue #3494 · encode/django-rest-framework (original) (raw)

Problem

When a site is using DRF without the need for authentication they will likely end up with a Django + 3rd party app list similar to this:

(
    'django.contrib.staticfiles',
    'rest_framework',
)

Now the problem is that any request to a URL using DRF will produce deprecation warnings from the use of ContentType, Permission, Group and User models from contrib.auth and contrib.contenttypes. Each warning looks similar to the following.

(snip).models.ContentType doesn't declare an explicit app_label and either isn't in an application in INSTALLED_APPS or else was imported before its application was loaded. This will no longer be supported in Django 1.9.
  class ContentType(models.Model):

I have confirmed that if Django 1.9a1 is used this warning turns into a runtime error:

Exception Type:     RuntimeError
Exception Value:    
Model class django.contrib.contenttypes.models.ContentType doesn't declare an explicit app_label and either isn't in an application in INSTALLED_APPS or else was imported before its application was loaded. 

Workaround

Use this REST_FRAMEWORK setting to disable the referencing of AnonymousUser

REST_FRAMEWORK = { 'UNAUTHENTICATED_USER': None, }