From 1ec165f38c508d7ac4c158ec8d558c5d8f1bd15b Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Sat, 11 Feb 2012 18:43:58 +0000
Subject: [PATCH] `OPTIONS` is also a safe method.

---
 djangorestframework/permissions.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/djangorestframework/permissions.py b/djangorestframework/permissions.py
index de24e23b7..2d6d89226 100644
--- a/djangorestframework/permissions.py
+++ b/djangorestframework/permissions.py
@@ -20,6 +20,8 @@ __all__ = (
 'PerResourceThrottling'
 )
 
+SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
+
 
 _403_FORBIDDEN_RESPONSE = ErrorResponse(
 status.HTTP_403_FORBIDDEN,
@@ -84,8 +86,7 @@ class IsUserOrIsAnonReadOnly(BasePermission):
 
 def check_permission(self, user):
 if (not user.is_authenticated() and
- self.view.method != 'GET' and
- self.view.method != 'HEAD'):
+ self.view.method not in SAFE_METHODS):
 raise _403_FORBIDDEN_RESPONSE
 
 
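Review bot: `SAFE_METHODS` is added as a module-level list, so any code that imports it can append to it and silently widen the set of methods that unauthenticated callers are let through by `IsUserOrIsAnonReadOnly`. An immutable value removes that risk and costs nothing: `SAFE_METHODS = ('GET', 'HEAD', 'OPTIONS')`. A short comment above it, such as `# HTTP methods treated as read-only by the permission checks`, would also make clear that this list is a security boundary. Only the tail of `__all__` is visible in this hunk, so I can't tell whether the constant is meant to be part of the public API.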
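Review bot: In `check_permission`, anonymous `OPTIONS` requests now pass the permission check, which is only safe if the view's OPTIONS handling is read-only and discloses nothing an anonymous `GET` would not; that handler is outside this hunk and should be confirmed. The membership test is case-sensitive on `self.view.method`, so a value that is not upper-case fails closed, but that depends on the method being normalised upstream. The method has no docstring; I would add `"""Allow authenticated users any method; allow anonymous requests only for SAFE_METHODS."""`. The diffstat shows only permissions.py changed, so a test asserting that anonymous `OPTIONS` is allowed and anonymous `POST` still raises the 403 response would pin the intended behaviour. The class header and anything above the method are outside the hunk.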