p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Slight change to CSRF error messages to make debugging easier. 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2009-10-27 14:04:21 +00:00
parent b32a187296
commit d0b900e6f5
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
django/middleware/csrf.py
View File

@ -145,13 +145,17 @@ class CsrfViewMiddleware(object):
# No CSRF cookie and no session cookie. For POST requests, # No CSRF cookie and no session cookie. For POST requests,
# we insist on a CSRF cookie, and in this way we can avoid # we insist on a CSRF cookie, and in this way we can avoid
# all CSRF attacks, including login CSRF. # all CSRF attacks, including login CSRF.
return reject("No CSRF cookie.") return reject("No CSRF or session cookie.")
else: else:
csrf_token = request.META["CSRF_COOKIE"] csrf_token = request.META["CSRF_COOKIE"]
# check incoming token # check incoming token
request_csrf_token = request.POST.get('csrfmiddlewaretoken', None) request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
if request_csrf_token != csrf_token: if request_csrf_token != csrf_token:
if cookie_is_new:
# probably a problem setting the CSRF cookie
return reject("CSRF cookie not set.")
else:
return reject("CSRF token missing or incorrect.") return reject("CSRF token missing or incorrect.")
return accept() return accept()