Author: lukeplant
Date: 2009-10-27 09:04:21 -0500 (Tue, 27 Oct 2009)
New Revision: 11669
Modified:
django/trunk/django/middleware/csrf.py
Log:
Slight change to CSRF error messages to make debugging easier.
Modified: django/trunk/django/middleware/csrf.py
===================================================================
--- django/trunk/django/middleware/csrf.py 2009-10-27 13:13:40 UTC (rev
11668)
+++ django/trunk/django/middleware/csrf.py 2009-10-27 14:04:21 UTC (rev
11669)
@@ -145,14 +145,18 @@
# No CSRF cookie and no session cookie. For POST requests,
# we insist on a CSRF cookie, and in this way we can avoid
# all CSRF attacks, including login CSRF.
- return reject("No CSRF cookie.")
+ return reject("No CSRF or session cookie.")
else:
csrf_token = request.META["CSRF_COOKIE"]
# check incoming token
request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
if request_csrf_token != csrf_token:
- return reject("CSRF token missing or incorrect.")
+ if cookie_is_new:
+ # probably a problem setting the CSRF cookie
+ return reject("CSRF cookie not set.")
+ else:
+ return reject("CSRF token missing or incorrect.")
return accept()
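Review bot: The token check `if request_csrf_token != csrf_token:` still uses ordinary string inequality, which stops at the first differing character, and the new `cookie_is_new` branch is built directly on top of it. A comparison whose running time does not depend on where the strings differ would be a safer basis; it must treat the `None` that `request.POST.get('csrfmiddlewaretoken', None)` returns for a missing field as a mismatch. The new branch would also read more clearly with its reasoning spelled out, for example `# cookie_is_new: the client sent no CSRF cookie with this request, so no submitted token could match` (assuming that is what `cookie_is_new`, set outside this hunk, means). The three rejection reasons now reveal which check failed, which is useful in logs, but whether `reject` puts the reason into the response body is not visible here and is worth confirming. The enclosing function starts and ends outside the hunk.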