diff --git a/pount/apps/iiif/views.py b/pount/apps/iiif/views.py
index e0ec212b3ec22b362b3e6ee6b46f018079f98fea..00c98a41936e0217c6cec9927930f18d848fa590 100644
--- a/pount/apps/iiif/views.py
+++ b/pount/apps/iiif/views.py
@@ -2,7 +2,7 @@ from os import environ
 
 from django.conf import settings
 from django.contrib.auth import get_user_model
-from django.core.exceptions import PermissionDenied
+from django.http.response import HttpResponseForbidden
 from django.shortcuts import get_object_or_404
 from rest_framework_simplejwt.authentication import JWTAuthentication
 from rest_framework_simplejwt.exceptions import InvalidToken
@@ -68,5 +68,5 @@ class IIIFProxyView(ProxyView):
                 if user.has_perm(ITEM_VIEW, file.item):
                     return super().dispatch(request, *args, **kwargs)
         except InvalidToken:
-            pass  # should renew ?
-        raise PermissionDenied()
+            pass
+        return HttpResponseForbidden()