Fixed #32329 -- Made CsrfViewMiddleware catch more specific UnreadablePostError.

Thanks Chris Jerdonek for the review.
2025-10-25 22:56:12 +00:00 · 2021-07-23 12:26:22 +02:00
parent 852fa7617e
commit 00ea883ef5
2 changed files with 19 additions and 6 deletions
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -11,6 +11,7 @@ from urllib.parse import urlparse

 from django.conf import settings
 from django.core.exceptions import DisallowedHost, ImproperlyConfigured
+from django.http import UnreadablePostError
 from django.http.request import HttpHeaders
 from django.urls import get_callable
 from django.utils.cache import patch_vary_headers
@@ -342,7 +343,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
        if request.method == 'POST':
            try:
                request_csrf_token = request.POST.get('csrfmiddlewaretoken', '')
-            except OSError:
+            except UnreadablePostError:
                # Handle a broken connection before we've completed reading the
                # POST data. process_view shouldn't raise any exceptions, so
                # we'll ignore and serve the user a 403 (assuming they're still