#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token
is from
------------------------------------------------+------------------------
Reporter: Chris Jerdonek | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: CSRF | Version: dev
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------------+------------------------
Currently, if `CsrfViewMiddleware` encounters a bad CSRF token, it will
reject the request with a message like--
* "CSRF token incorrect"
* "CSRF token has incorrect length"
I noticed that it would be relatively easy to include in these messages
whether the token was obtained from `POST` data or a custom header, which
would be useful for troubleshooting. The new messages could look e.g.
like--
* "CSRF token (from POST) incorrect"
* "CSRF token (from 'X-CSRFToken' header) has incorrect length"
The changes to `CsrfViewMiddlewareTestMixin` proposed in #32800 would make
these cases easy to test.
--
Ticket URL: <https://code.djangoproject.com/ticket/32817>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
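
The message format proposed in the ticket, as an added stand-alone sketch (not Django's code and not a patch from the ticket): the lookup returns the token together with its source, and every rejection reason is built from that source. The names RejectRequest, get_request_token, check_token and rejection_reason, the 64-character length and the direct token comparison are assumptions made for this example.

```python
import hmac
import string

# Assumed values for this sketch; a real deployment takes them from its framework.
TOKEN_LENGTH = 64
ALLOWED_CHARS = set(string.ascii_letters + string.digits)
HEADER_NAME = "X-CSRFToken"
POST_FIELD = "csrfmiddlewaretoken"


class RejectRequest(Exception):
    """Raised with a human-readable reason that names the token's source."""


def get_request_token(post, headers):
    """Return (token, source): POST data is tried first, then the header."""
    token = post.get(POST_FIELD, "")
    if token:
        return token, "POST"
    if HEADER_NAME in headers:
        return headers[HEADER_NAME], f"'{HEADER_NAME}' header"
    raise RejectRequest("CSRF token missing")


def check_token(post, headers, expected):
    """Validate the submitted token; each failure reason carries the source.

    The reason names where the token came from, never the token value itself.
    """
    token, source = get_request_token(post, headers)
    if len(token) != TOKEN_LENGTH:
        raise RejectRequest(f"CSRF token (from {source}) has incorrect length")
    if not set(token) <= ALLOWED_CHARS:
        raise RejectRequest(f"CSRF token (from {source}) has invalid characters")
    # Simplification: tokens are compared directly, in constant time.
    if not hmac.compare_digest(token, expected):
        raise RejectRequest(f"CSRF token (from {source}) incorrect")


def rejection_reason(post, headers, expected):
    """Return the rejection reason as a string, or None if the token is accepted."""
    try:
        check_token(post, headers, expected)
    except RejectRequest as exc:
        return str(exc)
    return None
```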