From 0e085364fd57a7d49c539c497dbd8d7bf2224d86 Mon Sep 17 00:00:00 2001
From: Petri Lehtinen
Date: Mon, 9 Jan 2012 10:37:03 +0200
Subject: [PATCH] Fix 403 for POST and PUT from the UI with UserLoggedInAuthentication
---
 djangorestframework/authentication.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/djangorestframework/authentication.py b/djangorestframework/authentication.py
index 8317af9e2..ea78a0731 100644
--- a/djangorestframework/authentication.py
+++ b/djangorestframework/authentication.py
@@ -96,11 +96,16 @@ class UserLoggedInAuthentication(BaseAuthentication):
 # Temporarily replace request.POST with .DATA, to use our generic parsing.
 # If DATA is not dict-like, use an empty dict.
 if request.method.upper() == 'POST':
+ token = request.POST.get('csrfmiddlewaretoken')
+
 if hasattr(self.view.DATA, 'get'):
- request._post = self.view.DATA
+ request._post = self.view.DATA.copy()
 else:
 request._post = {}
+ if token is not None:
+ request._post['csrfmiddlewaretoken'] = token
+
 resp = CsrfViewMiddleware().process_view(request, None, (), {})
 # Replace request.POST
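Review bot: The `hasattr(self.view.DATA, 'get')` guard no longer covers what its branch does: the new code calls `self.view.DATA.copy()` and then assigns `request._post['csrfmiddlewaretoken']`, so a parsed object that offers `get` but not `copy` would raise here instead of falling back to `{}`. Tightening the guard to `if hasattr(self.view.DATA, 'get') and hasattr(self.view.DATA, 'copy'):` keeps that fallback intact. The re-injection also deserves a comment above `token = request.POST.get('csrfmiddlewaretoken')`, for example `# DATA may not carry csrfmiddlewaretoken; take it from the raw form body so CsrfViewMiddleware can still validate it`, because without one the copy and the extra key are easy to misread as working around the CSRF check rather than feeding it. A regression test asserting that a POST with a missing or wrong token is still rejected would pin the intended behaviour. The enclosing method begins and ends outside this hunk, so how `request._post` is restored afterwards is not visible here.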