summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2009-10-27 14:04:21 +0000
committerLuke Plant <L.Plant.98@cantab.net>2009-10-27 14:04:21 +0000
commitd0b900e6f52e3d16d32ae42a1f80ee61b256db18 (patch)
tree2b6028cfd710c71e9916196606bcda228c88cb6d
parentb32a187296fa856076652bc42dbf89e36c5c6dcf (diff)
Slight change to CSRF error messages to make debugging easier.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/middleware/csrf.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index ad3ab12260..80d9e16a24 100644
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -145,14 +145,18 @@ class CsrfViewMiddleware(object):
# No CSRF cookie and no session cookie. For POST requests,
# we insist on a CSRF cookie, and in this way we can avoid
# all CSRF attacks, including login CSRF.
- return reject("No CSRF cookie.")
+ return reject("No CSRF or session cookie.")
else:
csrf_token = request.META["CSRF_COOKIE"]
# check incoming token
request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
if request_csrf_token != csrf_token:
- return reject("CSRF token missing or incorrect.")
+ if cookie_is_new:
+ # probably a problem setting the CSRF cookie
+ return reject("CSRF cookie not set.")
+ else:
+ return reject("CSRF token missing or incorrect.")
return accept()