From bc00313a9c4a3f8e381d9a426b6b4e416c7c1aa3 Mon Sep 17 00:00:00 2001
From: Farhanah Sheets <fsheets@edx.org>
Date: Wed, 27 Feb 2019 11:28:14 -0500
Subject: [PATCH] Revert "Improve 403 error handling"

---
 lms/djangoapps/courseware/module_render.py            | 3 ---
 lms/djangoapps/courseware/tests/test_module_render.py | 2 +-
 lms/static/js/ajax-error.js                           | 2 +-
 3 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/lms/djangoapps/courseware/module_render.py b/lms/djangoapps/courseware/module_render.py
index 3cb4ba77a6..83e0e3118b 100644
--- a/lms/djangoapps/courseware/module_render.py
+++ b/lms/djangoapps/courseware/module_render.py
@@ -1040,9 +1040,6 @@ def handle_xblock_callback(request, course_id, usage_id, handler, suffix=None):
                     request.user, _ = user_auth_tuple
                     break
 
-    if not request.user.is_authenticated:
-        return HttpResponse('Unauthenticated', status=403)
-
     # NOTE (CCB): Allow anonymous GET calls (e.g. for transcripts). Modifying this view is simpler than updating
     # the XBlocks to use `handle_xblock_callback_noauth`, which is practically identical to this view.
     if request.method != 'GET' and not (request.user and request.user.is_authenticated):
diff --git a/lms/djangoapps/courseware/tests/test_module_render.py b/lms/djangoapps/courseware/tests/test_module_render.py
index 8fadefac4e..290ce3db9a 100644
--- a/lms/djangoapps/courseware/tests/test_module_render.py
+++ b/lms/djangoapps/courseware/tests/test_module_render.py
@@ -321,7 +321,7 @@ class ModuleRenderTestCase(SharedModuleStoreTestCase, LoginEnrollmentTestCase):
         """Test that anonymous GET is allowed."""
         dispatch_url = self._get_dispatch_url()
         response = self.client.get(dispatch_url)
-        self.assertEquals(403, response.status_code)
+        self.assertEquals(200, response.status_code)
 
     def test_anonymous_post_xblock_callback(self):
         """Test that anonymous POST is not allowed."""
diff --git a/lms/static/js/ajax-error.js b/lms/static/js/ajax-error.js
index b25164d2b8..edab7732c4 100644
--- a/lms/static/js/ajax-error.js
+++ b/lms/static/js/ajax-error.js
@@ -1,5 +1,5 @@
 $(document).ajaxError(function(event, jXHR) {
-    if (jXHR.status === 403 && jXHR.responseText === 'Unauthenticated') {
+    if (jXHR.status === 403) {
         var message = gettext(
             'You have been logged out of your edX account. ' +
             'Click Okay to log in again now. ' +