From 3b0f7de3e6429d7125a8ecec659544b58195cdc9 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Thu, 28 Jun 2018 09:33:39 -0400
Subject: [PATCH] Properly return HTTP 403 when CSRF fails (not HTTP 500)

---
 awx/api/generics.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/api/generics.py b/awx/api/generics.py
index 8505275f83..626ba2fc61 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -195,7 +195,7 @@ class APIView(views.APIView):
             request.drf_request_user = getattr(drf_request, 'user', False)
         except AuthenticationFailed:
             request.drf_request_user = None
-        except ParseError as exc:
+        except (PermissionDenied, ParseError) as exc:
             request.drf_request_user = None
             self.__init_request_error__ = exc
         return drf_request