encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-02-03 13:14:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

OPTIONS is also a safe method.

Browse Source
This commit is contained in:
Tom Christie 2012-02-11 18:43:58 +00:00
parent 24911f37e4
commit 1ec165f38c
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
djangorestframework/permissions.py
View File

@ -20,6 +20,8 @@ __all__ = (
'PerResourceThrottling'
)
SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
_403_FORBIDDEN_RESPONSE = ErrorResponse(
status.HTTP_403_FORBIDDEN,
@ -84,8 +86,7 @@ class IsUserOrIsAnonReadOnly(BasePermission):
def check_permission(self, user):
if (not user.is_authenticated() and
self.view.method != 'GET' and
self.view.method != 'HEAD'):
self.view.method not in SAFE_METHODS):
raise _403_FORBIDDEN_RESPONSE