Commits · b187f53453d3885cd918f5f9f4490bcc8e3e2410 · edx / django-rest-framework

23 Sep, 2014 1 commit

Changed return status for CSRF failures to HTTP 403 · b187f534

By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.

[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests

committed Sep 23, 2014

b187f534 Browse Files

22 Sep, 2014 10 commits
- allow_blank, allow_null · 5d80f7f9
  Tom Christie committed Sep 22, 2014
  
  5d80f7f9 Browse Files
- Tests & tweaks for ChoiceField · 5a95baf2
  Tom Christie committed Sep 22, 2014
  
  5a95baf2 Browse Files
- Tests and tweaks for choice fields · b5454dd0
  Tom Christie committed Sep 22, 2014
  
  b5454dd0 Browse Files
- More compat fixes · e5f0a975
  Tom Christie committed Sep 22, 2014
  
  e5f0a975 Browse Files
- Support format=None for date/time fields · 5586b658
  Tom Christie committed Sep 22, 2014
  
  5586b658 Browse Files
- Tweaks to DecimalField · 4db23cae
  Tom Christie committed Sep 22, 2014
  
  4db23cae Browse Files
- Fix compat issues · 249253a1
  Tom Christie committed Sep 22, 2014
  
  249253a1 Browse Files
- Ensure 'messages' in fields are respected in preference to default validator messages · c54f3949
  Tom Christie committed Sep 22, 2014
  
  c54f3949 Browse Files
- Tests and tweaks for text fields · afb3f8ab
  Tom Christie committed Sep 22, 2014
  
  afb3f8ab Browse Files
- Field tests and associated cleanup · af46fd6b
  Tom Christie committed Sep 22, 2014
  
  af46fd6b Browse Files
19 Sep, 2014 6 commits
- Moar tests · cf72b9a8
  Tom Christie committed Sep 19, 2014
  
  cf72b9a8 Browse Files
- Test rejigging · b361c54c
  Tom Christie committed Sep 19, 2014
  
  b361c54c Browse Files
- Add BaseSerializer heading · c0150e61
  Tom Christie committed Sep 19, 2014
  
  c0150e61 Browse Files
- Merge branch 'master' into version-3.0 · 88008c0a
  Tom Christie committed Sep 19, 2014
  
  88008c0a Browse Files
- Initial release notes · 6d73b596
  Tom Christie committed Sep 19, 2014
  
  6d73b596 Browse Files
- Test tweaking · 12ccb0fe
  Tom Christie committed Sep 19, 2014
  
  12ccb0fe Browse Files
18 Sep, 2014 9 commits
- Merge pull request #1887 from pipermerriam/piper/decorate_as_view_response_from_viewsets · 1e9ea377
```
Fix missing CSRF exemption on viewsets
```
  Tom Christie committed Sep 18, 2014
  1e9ea377 Browse Files
- Merge pull request #1882 from mattjmorrison/patch-2 · ddbd3cb6
```
Clarify "raised inside REST framework"
```
  Tom Christie committed Sep 18, 2014
  ddbd3cb6 Browse Files
- Fix missing CSRF exemption on viewsets · 7f758d1c
  Piper Merriam committed Sep 18, 2014
  
  7f758d1c Browse Files
- Added a model update integration test · f9004931
  Tom Christie committed Sep 18, 2014
  
  f9004931 Browse Files
- ModelSerializer.create() to handle many to many by default · 106362b4
  Tom Christie committed Sep 18, 2014
  
  106362b4 Browse Files
- First pass on ManyRelation · 9fdb2280
  Tom Christie committed Sep 18, 2014
  
  9fdb2280 Browse Files
- Test for custom fields · 3bc628ed
  Tom Christie committed Sep 18, 2014
  
  3bc628ed Browse Files
- Configuration correctness tests on ModelSerializer · 87734be5
  Tom Christie committed Sep 18, 2014
  
  87734be5 Browse Files
- get_base_field() refactor · 5b7e4af0
  Tom Christie committed Sep 18, 2014
  
  5b7e4af0 Browse Files
17 Sep, 2014 8 commits
- Fixed code formatting · 764366b2
  Matthew J Morrison committed Sep 17, 2014
  
  764366b2 Browse Files
- Update routers.py · 8c8d355e
  Tom Christie committed Sep 17, 2014
  
  8c8d355e Browse Files
- Merge pull request #1865 from mskrajnowski/default-router-listless-viewset · 3376c378
```
DefaultRouter support for viewsets without an implemented default action
```
  Tom Christie committed Sep 17, 2014
  3376c378 Browse Files
- Merge pull request #1883 from jpadilla/master · 543c6c8e
```
Update authtoken latest Django 1.7 migration
```
  Tom Christie committed Sep 17, 2014
  543c6c8e Browse Files
- Update initial migration to work on Python 3 · de5fbf7d
  José Padilla committed Sep 17, 2014
  
  de5fbf7d Browse Files
- Update comments · c0155fd9
  Tom Christie committed Sep 17, 2014
  
  c0155fd9 Browse Files
- Update authtoken latest Django 1.7 migration · a37db382
  José Padilla committed Sep 17, 2014
  
  a37db382 Browse Files
- Clarify "raised inside REST framework" · e5af0bbb
```
I ran into an issue today where I was not seeing the rest_framework.views.exception_handler do what I thought it should be doing. It turned out that I had imported View from rest_framework.views rather than importing APIView from rest_framework.views. The phrase "raised inside REST framework" was confusing as I was debugging this issue. I was unsure if that meant that I could raise those exceptions in my code or if it had to originate from within framework code.

I'm not sure if the proposed wording is ideal, I just wanted to point out what I found to be confusing.
```
  Matthew J Morrison committed Sep 17, 2014
  e5af0bbb Browse Files
16 Sep, 2014 1 commit
- Merge pull request #1874 from sheppard/patch-3 · 92fb08bc
```
add wq.db router and django-rest-pandas renderers
```
  Tom Christie committed Sep 16, 2014
  92fb08bc Browse Files
15 Sep, 2014 5 commits
- add wq.db router and django-rest-pandas renderers · 3725a1e7
  S. Andrew Sheppard committed Sep 15, 2014
  
  3725a1e7 Browse Files
- Tests for through relationships · 4ddc661b
  Tom Christie committed Sep 15, 2014
  
  4ddc661b Browse Files
- Fix nested model serializer base class · d196608d
  Tom Christie committed Sep 15, 2014
  
  d196608d Browse Files
- Tests for reverse relationships · 0c15b97b
  Tom Christie committed Sep 15, 2014
  
  0c15b97b Browse Files
- Clean up field mapping tests · c1e2a9cb
  Tom Christie committed Sep 15, 2014
  
  c1e2a9cb Browse Files