Commit d0b900e6 authored by Luke Plant's avatar Luke Plant

Slight change to CSRF error messages to make debugging easier.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent b32a1872
+6 −2
@@ -145,13 +145,17 @@ class CsrfViewMiddleware(object):
                    # No CSRF cookie and no session cookie. For POST requests,
                    # we insist on a CSRF cookie, and in this way we can avoid
                    # all CSRF attacks, including login CSRF.
                    return reject("No CSRF cookie.")
                    return reject("No CSRF or session cookie.")
            else:
                csrf_token = request.META["CSRF_COOKIE"]

            # check incoming token
            request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
            if request_csrf_token != csrf_token:
                if cookie_is_new:
                    # probably a problem setting the CSRF cookie
                    return reject("CSRF cookie not set.")
                else:
                    return reject("CSRF token missing or incorrect.")

        return accept()
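Review bot: The comment in the new `cookie_is_new` branch ("probably a problem setting the CSRF cookie") does not say why a new cookie implies that, and the branch is also taken when the POST simply has a missing or wrong `csrfmiddlewaretoken`. I would spell out the reasoning, for example `# The request carried no CSRF cookie, so check cookie delivery first; the form token may be wrong as well.` The hunk now has three distinct reason strings passed to `reject`, which is defined outside the hunk; if that reason can reach the response outside debug output, it tells the requester which check failed, so it is worth confirming it only goes to logs or the debug page. The enclosing method of `CsrfViewMiddleware` starts above the hunk, so how `cookie_is_new` and the session-cookie case are set up is not visible here.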