id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
32817	Include in CsrfViewMiddleware's bad CSRF token message where the token is from	Chris Jerdonek	Chris Jerdonek	"Currently, if `CsrfViewMiddleware` encounters a bad CSRF token, it will reject the request with a message like--

* ""CSRF token incorrect""
* ""CSRF token has incorrect length""

I noticed that it would be relatively easy to include in these messages whether the token was obtained from `POST` data or a custom header, which would be useful for troubleshooting. The messages are specified [https://github.com/django/django/blob/213850b4b9641bdcb714172999725ec9aa9c9e84/django/middleware/csrf.py#L411-L417 here in the code]. The new messages could look e.g. like--

* ""CSRF token (from POST) incorrect""
* ""CSRF token (from 'X-CSRFToken' header) has incorrect length""

The changes to `CsrfViewMiddlewareTestMixin` proposed in #32800 would make these cases easy to test.
"	Cleanup/optimization	closed	CSRF	dev	Normal	fixed			Ready for checkin	1	0	0	0	0	0