Opened 4 years ago
Closed 4 years ago
#32817 closed Cleanup/optimization (fixed)
Include in CsrfViewMiddleware's bad CSRF token message where the token is from
| Reported by: | Chris Jerdonek | Owned by: | Chris Jerdonek |
|---|---|---|---|
| Component: | CSRF | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Currently, if CsrfViewMiddleware encounters a bad CSRF token, it will reject the request with a message like--
- "CSRF token incorrect"
- "CSRF token has incorrect length"
I noticed that it would be relatively easy to include in these messages whether the token was obtained from POST data or a custom header, which would be useful for troubleshooting. The messages are specified here in the code. The new messages could look e.g. like--
- "CSRF token (from POST) incorrect"
- "CSRF token (from 'X-CSRFToken' header) has incorrect length"
The changes to CsrfViewMiddlewareTestMixin proposed in #32800 would make these cases easy to test.
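A minimal standard-library sketch of the idea in this ticket, added here as an example; it is not Django's code or the patch from the PR. The function names, the token length and alphabet, the plain (unmasked) comparison, and the wording of any message other than the two quoted above are assumptions.

```python
import hmac
import string

# Assumptions of this sketch (not from the ticket): token length and alphabet,
# all function names, the wording of messages the ticket does not quote, and
# a plain comparison in place of Django's masked-token handling.
TOKEN_LENGTH = 64
ALLOWED_CHARS = set(string.ascii_letters + string.digits)
POST_FIELD = "csrfmiddlewaretoken"  # Django's form field name
HEADER_NAME = "X-CSRFToken"  # header named in the ticket's example message


class RejectRequest(Exception):
    """Carries the human-readable rejection reason."""


def get_request_token(post_data, headers):
    """Return (token, source); POST data is consulted before the header."""
    if post_data.get(POST_FIELD):
        return post_data[POST_FIELD], "POST"
    if headers.get(HEADER_NAME):
        return headers[HEADER_NAME], f"{HEADER_NAME!r} header"
    raise RejectRequest("CSRF token missing")


def check_token(post_data, headers, expected):
    """Validate the submitted token; any reason names where it came from."""
    token, source = get_request_token(post_data, headers)
    prefix = f"CSRF token (from {source})"
    if len(token) != TOKEN_LENGTH:
        raise RejectRequest(f"{prefix} has incorrect length")
    if not set(token) <= ALLOWED_CHARS:
        raise RejectRequest(f"{prefix} has invalid characters")
    # Constant-time comparison, so timing does not reveal matching prefixes.
    if not hmac.compare_digest(token, expected):
        raise RejectRequest(f"{prefix} incorrect")


def rejection_reason(post_data, headers, expected):
    """Return the reason string, or None when the token is accepted."""
    try:
        check_token(post_data, headers, expected)
    except RejectRequest as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    good = "a" * TOKEN_LENGTH  # constructed sample token
    print(rejection_reason({}, {HEADER_NAME: "short"}, good))
```

When both a POST field and a header are present, the reason names POST, because that is the value the check actually used.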
Change History (9)
comment:1 by , 4 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 4 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:3 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 4 years ago
| Has patch: | set |
|---|
comment:5 by , 4 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
PR: https://github.com/django/django/pull/14518