Merge pull request #19892 from edx/revert-19881-LEARNER-7131/improve-403-error-handling

Revert PR 19881 - "Improve 403 error handling"

lms/djangoapps/courseware/module_render.py

@@ -1040,9 +1040,6 @@ def handle_xblock_callback(request, course_id, usage_id, handler, suffix=None):
                     request.user, _ = user_auth_tuple
                     break
 
-    if not request.user.is_authenticated:
-        return HttpResponse('Unauthenticated', status=403)
-
     # NOTE (CCB): Allow anonymous GET calls (e.g. for transcripts). Modifying this view is simpler than updating
     # the XBlocks to use `handle_xblock_callback_noauth`, which is practically identical to this view.
     if request.method != 'GET' and not (request.user and request.user.is_authenticated):

lms/djangoapps/courseware/tests/test_module_render.py

@@ -321,7 +321,7 @@ class ModuleRenderTestCase(SharedModuleStoreTestCase, LoginEnrollmentTestCase):
         """Test that anonymous GET is allowed."""
         dispatch_url = self._get_dispatch_url()
         response = self.client.get(dispatch_url)
-        self.assertEquals(403, response.status_code)
+        self.assertEquals(200, response.status_code)
 
     def test_anonymous_post_xblock_callback(self):
         """Test that anonymous POST is not allowed."""

lms/static/js/ajax-error.js

@@ -1,5 +1,5 @@
 $(document).ajaxError(function(event, jXHR) {
-    if (jXHR.status === 403 && jXHR.responseText === 'Unauthenticated') {
+    if (jXHR.status === 403) {
         var message = gettext(
             'You have been logged out of your edX account. ' +
             'Click Okay to log in again now. ' +