"403 Forbidden" in Authentication tutorial (part 4) #3800
Description
Following the tutorial, I'm at this point:
When I run http POST http://127.0.0.1:8000/snippets/ code="print 123", I do get the expected JSON response body, but the header is 403 Forbidden.
It seems to me that this should be 401 Unauthorized (since the very next example shows that Authorization does indeed help). But...it's possible that this is simply a rough edge in the tutorial code, so is it really a bug in DRF, or just something to note in the tutorial and move on?