1 rok temu · b47c5ee1b8
--- a/netbox/netbox/graphql/views.py
+++ b/netbox/netbox/graphql/views.py
@@ -36,7 +36,9 @@ class NetBoxGraphQLView(GraphQLView):
 
				 
			
 
				         # Enforce LOGIN_REQUIRED
			
 
				         if settings.LOGIN_REQUIRED and not request.user.is_authenticated:
			
 
				-            # return redirect_to_login(reverse('graphql'))
			
 
				-            return HttpResponseForbidden("No credentials provided.")
			
 
				+            if request.accepts("text/html"):
			
 
				+                return redirect_to_login(reverse('graphql'))
			
 
				+            else:
			
 
				+                return HttpResponseForbidden("No credentials provided.")
			
 
				 
			
 
				         return super().dispatch(request, *args, **kwargs)
			
--- a/netbox/netbox/tests/test_graphql.py
+++ b/netbox/netbox/tests/test_graphql.py
@@ -33,5 +33,4 @@ class GraphQLTestCase(TestCase):
 
				         self.client.logout()
			
 
				         response = self.client.get(url, **header)
			
 
				         with disable_warnings('django.request'):
			
 
				-            # self.assertHttpStatus(response, 302)  # Redirect to login page
			
 
				-            self.assertHttpStatus(response, 403)  # Redirect to login page
			
 
				+            self.assertHttpStatus(response, 302)  # Redirect to login page
			
--- a/netbox/utilities/testing/api.py
+++ b/netbox/utilities/testing/api.py
@@ -499,7 +499,10 @@ class APIViewTestCases:
 
				 
			
 
				             # Non-authenticated requests should fail
			
 
				             with disable_warnings('django.request'):
			
 
				-                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json"), status.HTTP_403_FORBIDDEN)
			
 
				+                header = {
			
 
				+                    'HTTP_ACCEPT': 'application/json',
			
 
				+                }
			
 
				+                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json", **header), status.HTTP_403_FORBIDDEN)
			
 
				 
			
 
				             # Add object-level permission
			
 
				             obj_perm = ObjectPermission(
			
@@ -524,7 +527,10 @@ class APIViewTestCases:
 
				 
			
 
				             # Non-authenticated requests should fail
			
 
				             with disable_warnings('django.request'):
			
 
				-                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json"), status.HTTP_403_FORBIDDEN)
			
 
				+                header = {
			
 
				+                    'HTTP_ACCEPT': 'application/json',
			
 
				+                }
			
 
				+                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json", **header), status.HTTP_403_FORBIDDEN)
			
 
				 
			
 
				             # Add object-level permission
			
 
				             obj_perm = ObjectPermission(