Properly return HTTP 403 when CSRF fails (not HTTP 500)

2026-03-07 03:31:10 -03:30 · 2018-06-28 09:33:39 -04:00
parent e8748fa147
commit 3b0f7de3e6
1 changed files with 1 additions and 1 deletions
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -195,7 +195,7 @@ class APIView(views.APIView):
            request.drf_request_user = getattr(drf_request, 'user', False)
        except AuthenticationFailed:
            request.drf_request_user = None
-        except ParseError as exc:
+        except (PermissionDenied, ParseError) as exc:
            request.drf_request_user = None
            self.__init_request_error__ = exc
        return drf_request