The OPTIONS method creates a cloned-request to simulate PUT/POST methods. But the implementation did not propagate the cloned-request to the View. This caused views that change the serializer per the http-method to return the incorrect serializer.

2025-08-03 12:00:12 +03:00 · 2014-04-07 17:17:34 +03:00 · 2014-04-07 17:17:34 +03:00 · 1f72fd42bc
commit 1f72fd42bc
parent 115fe04842
1 changed files with 4 additions and 2 deletions
--- a/rest_framework/generics.py
+++ b/rest_framework/generics.py
@ -371,10 +371,11 @@ class GenericAPIView(views.APIView):
            if method not in self.allowed_methods:
                continue

-            cloned_request = clone_request(request, method)
+            original_request = clone_request(request, request.method)
+            self.request = clone_request(request, method)
            try:
                # Test global permissions
-                self.check_permissions(cloned_request)
+                self.check_permissions(self.request)
                # Test object permissions
                if method == 'PUT':
                    try:
@ -392,6 +393,7 @@ class GenericAPIView(views.APIView):
                # appropriate metadata about the fields that should be supplied.
                serializer = self.get_serializer()
                actions[method] = serializer.metadata()
+                self.request = original_request

        if actions:
            ret['actions'] = actions