Merge pull request #1896 from dbrgn/csrf_response

Changed return status for CSRF failures to HTTP 403
author: Tom Christie 2014-09-23 14:30:35 +0100
committer: Tom Christie 2014-09-23 14:30:35 +0100
commit: aa84432f9b40849fb677d9fed803098fd392f881 (patch)
tree: 983958da58b82cbde6d152adc8e12c20ea1d912a
parent: 0404f09a7e69f533038d47ca25caad90c0c2659f (diff)
parent: b187f53453d3885cd918f5f9f4490bcc8e3e2410 (diff)
download: django-rest-framework-aa84432f9b40849fb677d9fed803098fd392f881.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index f3fec05e..36d74dd9 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -129,7 +129,7 @@ class SessionAuthentication(BaseAuthentication):
         reason = CSRFCheck().process_view(request, None, (), {})
         if reason:
             # CSRF failed, bail with explicit error message
-            raise exceptions.AuthenticationFailed('CSRF Failed: %s' % reason)
+            raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)
 
 
 class TokenAuthentication(BaseAuthentication):
author	Tom Christie	2014-09-23 14:30:35 +0100
committer	Tom Christie	2014-09-23 14:30:35 +0100
commit	aa84432f9b40849fb677d9fed803098fd392f881 (patch)
tree	983958da58b82cbde6d152adc8e12c20ea1d912a
parent	0404f09a7e69f533038d47ca25caad90c0c2659f (diff)
parent	b187f53453d3885cd918f5f9f4490bcc8e3e2410 (diff)
download	django-rest-framework-aa84432f9b40849fb677d9fed803098fd392f881.tar.bz2