encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-02-09 16:10:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

OPTIONS is also a safe method.

Browse Source
This commit is contained in:
Tom Christie 2012-02-11 18:43:58 +00:00
parent 24911f37e4
commit 1ec165f38c
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
djangorestframework/permissions.py
View File

@ -20,6 +20,8 @@ __all__ = (
'PerResourceThrottling' 'PerResourceThrottling'
) )
SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
_403_FORBIDDEN_RESPONSE = ErrorResponse( _403_FORBIDDEN_RESPONSE = ErrorResponse(
status.HTTP_403_FORBIDDEN, status.HTTP_403_FORBIDDEN,
@ -84,8 +86,7 @@ class IsUserOrIsAnonReadOnly(BasePermission):
def check_permission(self, user): def check_permission(self, user):
if (not user.is_authenticated() and if (not user.is_authenticated() and
self.view.method != 'GET' and self.view.method not in SAFE_METHODS):
self.view.method != 'HEAD'):
raise _403_FORBIDDEN_RESPONSE raise _403_FORBIDDEN_RESPONSE