Bump version for CSRF logging changes, and improve error message.

yesodweb · Mar 29, 2016 · ea6680a · ea6680a
1 parent 9720674
commit ea6680a
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/yesod-core/ChangeLog.md b/yesod-core/ChangeLog.md
@@ -1,3 +1,7 @@
+## 1.4.19.2
+
+* Log a warning when a CSRF error occurs [#1200](https://github.com/yesodweb/yesod/pull/1200)
+
 ## 1.4.19.1
 
 * Allow lines of dashes in route files [#1182](https://github.com/yesodweb/yesod/pull/1182)

diff --git a/yesod-core/Yesod/Core/Handler.hs b/yesod-core/Yesod/Core/Handler.hs
@@ -1452,4 +1452,4 @@ validCsrf Nothing            _param = True
 validCsrf (Just _token)     Nothing = False
 
 csrfErrorMessage :: Text
-csrfErrorMessage = "A valid CSRF token wasn't present in HTTP headers or POST parameters. Check the Yesod.Core.Handler docs of the yesod-core package for details on CSRF protection."
+csrfErrorMessage = "A valid CSRF token wasn't present in HTTP headers or POST parameters. Because the request could have been forged, it's been rejected altogether. Check the Yesod.Core.Handler docs of the yesod-core package for details on CSRF protection."
diff --git a/yesod-core/yesod-core.cabal b/yesod-core/yesod-core.cabal
@@ -1,5 +1,5 @@
 name:            yesod-core
-version:         1.4.19.1
+version:         1.4.19.2
 license:         MIT
 license-file:    LICENSE
 author:          Michael Snoyman <michael@snoyman.com>