Browse files

Slight change to CSRF error messages to make debugging easier.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent b32a187 commit d0b900e6f52e3d16d32ae42a1f80ee61b256db18 @spookylukey spookylukey committed Oct 27, 2009
Showing with 6 additions and 2 deletions.
  1. +6 −2 django/middleware/
@@ -145,14 +145,18 @@ def accept():
# No CSRF cookie and no session cookie. For POST requests,
# we insist on a CSRF cookie, and in this way we can avoid
# all CSRF attacks, including login CSRF.
- return reject("No CSRF cookie.")
+ return reject("No CSRF or session cookie.")
csrf_token = request.META["CSRF_COOKIE"]
# check incoming token
request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
if request_csrf_token != csrf_token:
- return reject("CSRF token missing or incorrect.")
+ if cookie_is_new:
+ # probably a problem setting the CSRF cookie
+ return reject("CSRF cookie not set.")
+ else:
+ return reject("CSRF token missing or incorrect.")
return accept()

0 comments on commit d0b900e

Please sign in to comment.