diff --git a/django/contrib/csrf/middleware.py b/django/contrib/csrf/middleware.py
index bca01809e35..f9c4ef7241a 100644
--- a/django/contrib/csrf/middleware.py
+++ b/django/contrib/csrf/middleware.py
@@ -65,8 +65,8 @@ class CsrfResponseMiddleware(object):
     session.
     """
     def process_response(self, request, response):
-	if getattr(response, 'csrf_exempt', False):
-	    return response
+        if getattr(response, 'csrf_exempt', False):
+            return response
 
         csrf_token = None
         try:
@@ -133,8 +133,8 @@ def csrf_response_exempt(view_func):
     """
     def wrapped_view(*args, **kwargs):
         resp = view_func(*args, **kwargs)
-	resp.csrf_exempt = True
-	return resp
+        resp.csrf_exempt = True
+        return resp
     return wraps(view_func)(wrapped_view)
 
 def csrf_view_exempt(view_func):
diff --git a/django/contrib/csrf/tests.py b/django/contrib/csrf/tests.py
index ba934bc7ea3..f00929fb282 100644
--- a/django/contrib/csrf/tests.py
+++ b/django/contrib/csrf/tests.py
@@ -63,7 +63,7 @@ class CsrfMiddlewareTest(TestCase):
         """
         req = self._get_GET_no_session_request()
         resp = self._get_post_form_response()
-	resp_content = resp.content # needed because process_response modifies resp
+        resp_content = resp.content # needed because process_response modifies resp
         resp2 = CsrfMiddleware().process_response(req, resp)
         self.assertEquals(resp_content, resp2.content)
 
@@ -73,7 +73,7 @@ class CsrfMiddlewareTest(TestCase):
         """
         req = self._get_GET_session_request()
         resp = self._get_post_form_response()
-	resp_content = resp.content # needed because process_response modifies resp
+        resp_content = resp.content # needed because process_response modifies resp
         resp2 = CsrfMiddleware().process_response(req, resp)
         self.assertNotEqual(resp_content, resp2.content)
         self._check_token_present(resp2)
@@ -84,18 +84,18 @@ class CsrfMiddlewareTest(TestCase):
         """
         req = self._get_GET_no_session_request() # no session in request
         resp = self._get_new_session_response() # but new session started
-	resp_content = resp.content # needed because process_response modifies resp
+        resp_content = resp.content # needed because process_response modifies resp
         resp2 = CsrfMiddleware().process_response(req, resp)
         self.assertNotEqual(resp_content, resp2.content)
         self._check_token_present(resp2)
 
     def test_process_response_exempt_view(self):
-	"""
-	Check that no post processing is done for an exempt view
-	"""
+        """
+        Check that no post processing is done for an exempt view
+        """
         req = self._get_POST_session_request()
-	resp = csrf_exempt(self.get_view())(req)
-	resp_content = resp.content
+        resp = csrf_exempt(self.get_view())(req)
+        resp_content = resp.content
         resp2 = CsrfMiddleware().process_response(req, resp)
         self.assertEquals(resp_content, resp2.content)