realpython / book3-exercises

Book 3 Advanced Web Dev with Django 1.7 -- Exercises for the book


chapter 14: angular cannot PUT, trouble with CSRF

kurtgn opened this issue · comments

I am on page 333 of the book now where we first use

$http.put('/api/v1/poll_items/'+item.id,item)

The server returns 403 though.
I then tried PUTting through both REST html interface and from the command line, both ways work:

import requests

# JSON body for the poll item being updated
data = """
{
    "id": 2,
    "name": "yodaaa2",
    "text": "yodaaaa2",
    "votes": 5,
    "percentage": 0.0
}
"""
headers = {'content-type': 'application/json'}
# PUT from a script: no browser cookies are sent with this request
res = requests.put('http://localhost:8000/api/v1/poll_items/2', data=data, headers=headers)
print(res.status_code)

>>200

So there is trouble on the JS part.
When I examined the rest_framework.response.Response object, I saw this:

response.data
{'detail': 'CSRF Failed: CSRF token missing or incorrect.'}

Also, the request object created by $http.put() contained a CSRF cookie:

request.COOKIES
{'csrftoken': 'UKpSA6ak5vL0NCLeOz2YmSR3S6eXH4s9', 'tabstyle': 'raw-tab', '__ngDebug': 'true', 'sessionid': 'qjlh01munmtrffhao2zxp8oikb6iywfr'}

Neither of these happens when I PUT by requests.put.

Even if I remove {% csrf_token %} from the page or disable CsrfViewMiddleware completely, Angular still finds a way to get a CSRF cookie into my request.

How do I turn it off? (my Angular is v1.3.15)

okay. I cleaned my browser's cookies, and it worked. So simple.

Good thing, cause it kinda had me stumped. :)

yeah sorry %)

@kurtgn - no, it's totally cool, much rather you submit an incorrect issue than not submit anything at all. At least I know you're going through the book. :) Do let me know if you have any other difficulties.

yeah sure :) the book is great btw! It's amazing to watch Angular and Django REST dance together so gracefully.
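
The 403 in this thread, and why clearing cookies made it go away, can be reproduced with a small model. This is an added example, not code from the book, AngularJS or Django REST framework. It assumes the `sessionid` cookie belonged to a logged-in user and that the API accepts anonymous writes (as the 200 from `requests.put` suggests); all cookie values and function names are constructed.

```javascript
// Simplified model (constructed): how an AngularJS-style client picks its CSRF
// header, and how a DRF-style session check reacts to it.

// Parse a Cookie header string into a name -> value object.
function parseCookies(cookieHeader) {
  const jar = {};
  for (const part of cookieHeader.split(';')) {
    const idx = part.indexOf('=');
    if (idx > 0) jar[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return jar;
}

// Client: $http copies the cookie named xsrfCookieName into the header named
// xsrfHeaderName. The AngularJS defaults do not match Django's names.
function clientHeaders(cookieHeader, cfg) {
  const token = parseCookies(cookieHeader)[cfg.xsrfCookieName];
  const headers = { 'Content-Type': 'application/json' };
  if (cookieHeader) headers['Cookie'] = cookieHeader;
  if (token) headers[cfg.xsrfHeaderName] = token;
  return headers;
}

// Server: CSRF is enforced only for unsafe methods on a logged-in session.
// Anonymous requests skip the check (assumes the view allows anonymous writes).
function serverStatus(method, headers, activeSessions) {
  const cookies = parseCookies(headers['Cookie'] || '');
  const loggedIn = activeSessions.has(cookies.sessionid);
  const unsafe = !['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(method);
  if (!loggedIn || !unsafe) return 200;
  const sent = headers['X-CSRFToken'];
  return sent && sent === cookies.csrftoken ? 200 : 403;
}

const ANGULAR_DEFAULTS = { xsrfCookieName: 'XSRF-TOKEN', xsrfHeaderName: 'X-XSRF-TOKEN' };
const DJANGO_NAMES = { xsrfCookieName: 'csrftoken', xsrfHeaderName: 'X-CSRFToken' };
const SESSIONS = new Set(['sess-demo']);                       // constructed
const BROWSER_COOKIES = 'csrftoken=tok-demo; sessionid=sess-demo'; // constructed

function demo() {
  const put = (cookies, cfg) => serverStatus('PUT', clientHeaders(cookies, cfg), SESSIONS);
  return {
    scriptNoCookies: put('', ANGULAR_DEFAULTS),            // like requests.put
    browserDefaults: put(BROWSER_COOKIES, ANGULAR_DEFAULTS), // the failing case
    browserDjangoNames: put(BROWSER_COOKIES, DJANGO_NAMES),  // header now matches
    afterClearingCookies: put('', ANGULAR_DEFAULTS),         // anonymous again
  };
}
console.log(demo());
```

In a real AngularJS app the matching configuration is `$httpProvider.defaults.xsrfCookieName = 'csrftoken'` and `$httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken'`, which keeps PUT working while logged in without clearing cookies.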