`OPTIONS` is also a safe method.

author: Tom Christie 2012-02-11 18:43:58 +0000
committer: Tom Christie 2012-02-11 18:43:58 +0000
commit: 1ec165f38c508d7ac4c158ec8d558c5d8f1bd15b (patch)
tree: ccb6a30ca86172f725b3d75d347d901672233290 /djangorestframework/permissions.py
parent: 24911f37e47d7350b33d43342ce7662504e634df (diff)
download: django-rest-framework-1ec165f38c508d7ac4c158ec8d558c5d8f1bd15b.tar.bz2
1 files changed, 3 insertions, 2 deletions
diff --git a/djangorestframework/permissions.py b/djangorestframework/permissions.py
index de24e23b..2d6d8922 100644
--- a/djangorestframework/permissions.py
+++ b/djangorestframework/permissions.py
@@ -20,6 +20,8 @@ __all__ = (
     'PerResourceThrottling'
 )
 
+SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
+
 
 _403_FORBIDDEN_RESPONSE = ErrorResponse(
     status.HTTP_403_FORBIDDEN,
@@ -84,8 +86,7 @@ class IsUserOrIsAnonReadOnly(BasePermission):
 
     def check_permission(self, user):
         if (not user.is_authenticated() and
-            self.view.method != 'GET' and
-            self.view.method != 'HEAD'):
+            self.view.method not in SAFE_METHODS):
             raise _403_FORBIDDEN_RESPONSE
author	Tom Christie	2012-02-11 18:43:58 +0000
committer	Tom Christie	2012-02-11 18:43:58 +0000
commit	1ec165f38c508d7ac4c158ec8d558c5d8f1bd15b (patch)
tree	ccb6a30ca86172f725b3d75d347d901672233290 /djangorestframework/permissions.py
parent	24911f37e47d7350b33d43342ce7662504e634df (diff)
download	django-rest-framework-1ec165f38c508d7ac4c158ec8d558c5d8f1bd15b.tar.bz2