Files · b187f53453d3885cd918f5f9f4490bcc8e3e2410 · edx / django-rest-framework

Changed return status for CSRF failures to HTTP 403 · b187f534

By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.

[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests

committed Sep 23, 2014

b187f534

Name	Last commit	Last update
docs		Loading commit data...
rest_framework		Loading commit data...
tests		Loading commit data...
.gitignore		Loading commit data...
.travis.yml		Loading commit data...
CONTRIBUTING.md		Loading commit data...
MANIFEST.in		Loading commit data...
README.md		Loading commit data...
mkdocs.py		Loading commit data...
requirements-test.txt		Loading commit data...
requirements.txt		Loading commit data...
runtests.py		Loading commit data...
setup.cfg		Loading commit data...
setup.py		Loading commit data...
tox.ini		Loading commit data...

README.md