encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-07-27 08:29:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

bypass permission checks for OPTIONS requests

Browse Source 
OPTIONS requests, ala CORS, do not supply authentication arguments.
This commit is contained in:
Darrin Massena 2013-01-22 20:18:27 -08:00
parent cf52c0e044
commit a2ff6b7285
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rest_framework/views.py
View File

@ -294,8 +294,8 @@ class APIView(View):
""" """
self.format_kwarg = self.get_format_suffix(**kwargs) self.format_kwarg = self.get_format_suffix(**kwargs)
# Ensure that the incoming request is permitted # Ensure that the incoming request is permitted. OPTIONS requests are always permitted.
if not self.has_permission(request): if request.method != 'OPTIONS' and not self.has_permission(request):
self.permission_denied(request) self.permission_denied(request)
self.check_throttles(request) self.check_throttles(request)