aboutsummaryrefslogtreecommitdiffstats
path: root/djangorestframework/permissions.py
diff options
context:
space:
mode:
Diffstat (limited to 'djangorestframework/permissions.py')
-rw-r--r--djangorestframework/permissions.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/djangorestframework/permissions.py b/djangorestframework/permissions.py
index de24e23b..2d6d8922 100644
--- a/djangorestframework/permissions.py
+++ b/djangorestframework/permissions.py
@@ -20,6 +20,8 @@ __all__ = (
'PerResourceThrottling'
)
+SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
+
_403_FORBIDDEN_RESPONSE = ErrorResponse(
status.HTTP_403_FORBIDDEN,
@@ -84,8 +86,7 @@ class IsUserOrIsAnonReadOnly(BasePermission):
def check_permission(self, user):
if (not user.is_authenticated() and
- self.view.method != 'GET' and
- self.view.method != 'HEAD'):
+ self.view.method not in SAFE_METHODS):
raise _403_FORBIDDEN_RESPONSE
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-18 14:08:42 +0000