diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2009-10-27 14:04:21 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2009-10-27 14:04:21 +0000 |
| commit | d0b900e6f52e3d16d32ae42a1f80ee61b256db18 (patch) | |
| tree | 2b6028cfd710c71e9916196606bcda228c88cb6d | |
| parent | b32a187296fa856076652bc42dbf89e36c5c6dcf (diff) | |
Slight change to CSRF error messages to make debugging easier.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/middleware/csrf.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py index ad3ab12260..80d9e16a24 100644 --- a/django/middleware/csrf.py +++ b/django/middleware/csrf.py @@ -145,14 +145,18 @@ class CsrfViewMiddleware(object): # No CSRF cookie and no session cookie. For POST requests, # we insist on a CSRF cookie, and in this way we can avoid # all CSRF attacks, including login CSRF. - return reject("No CSRF cookie.") + return reject("No CSRF or session cookie.") else: csrf_token = request.META["CSRF_COOKIE"] # check incoming token request_csrf_token = request.POST.get('csrfmiddlewaretoken', None) if request_csrf_token != csrf_token: - return reject("CSRF token missing or incorrect.") + if cookie_is_new: + # probably a problem setting the CSRF cookie + return reject("CSRF cookie not set.") + else: + return reject("CSRF token missing or incorrect.") return accept() |
