mirror of
https://github.com/django/django.git
synced 2025-10-23 21:59:11 +00:00
Slight change to CSRF error messages to make debugging easier.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
@@ -145,14 +145,18 @@ class CsrfViewMiddleware(object):
|
|||||||
# No CSRF cookie and no session cookie. For POST requests,
|
# No CSRF cookie and no session cookie. For POST requests,
|
||||||
# we insist on a CSRF cookie, and in this way we can avoid
|
# we insist on a CSRF cookie, and in this way we can avoid
|
||||||
# all CSRF attacks, including login CSRF.
|
# all CSRF attacks, including login CSRF.
|
||||||
return reject("No CSRF cookie.")
|
return reject("No CSRF or session cookie.")
|
||||||
else:
|
else:
|
||||||
csrf_token = request.META["CSRF_COOKIE"]
|
csrf_token = request.META["CSRF_COOKIE"]
|
||||||
|
|
||||||
# check incoming token
|
# check incoming token
|
||||||
request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
|
request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
|
||||||
if request_csrf_token != csrf_token:
|
if request_csrf_token != csrf_token:
|
||||||
return reject("CSRF token missing or incorrect.")
|
if cookie_is_new:
|
||||||
|
# probably a problem setting the CSRF cookie
|
||||||
|
return reject("CSRF cookie not set.")
|
||||||
|
else:
|
||||||
|
return reject("CSRF token missing or incorrect.")
|
||||||
|
|
||||||
return accept()
|
return accept()
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user