diff --git a/api/permissions.py b/api/permissions.py
index a8c70f67..b54adf6f 100644
--- a/api/permissions.py
+++ b/api/permissions.py
@@ -23,7 +23,7 @@
 """
 
 from rest_framework import permissions, exceptions
-
+from django.http import Http404
 from . import acl
 
 
@@ -273,6 +273,8 @@ class AutodetectACLPermission(permissions.BasePermission):
             # they have read permissions to see 403, or not, and simply see
             # a 404 response.
 
+            SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE")
+
             if request.method in SAFE_METHODS:
                 # Read permissions already checked and failed, no need
                 # to make another lookup.