Slight change to CSRF error messages to make debugging easier.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Slight change to CSRF error messages to make debugging easier.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
d0b900e6 · Luke Plant · b32a1872 · d0b900e6
Kaydet (Commit) d0b900e6 authored Eki 27, 2009 tarafından Luke Plant
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

csrf.py django/middleware/csrf.py +6 -2

No files found.
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -145,14 +145,18 @@ class CsrfViewMiddleware(object):
                    # No CSRF cookie and no session cookie. For POST requests,
                    # we insist on a CSRF cookie, and in this way we can avoid
                    # all CSRF attacks, including login CSRF.
-                    return reject("No CSRF cookie.")
+                    return reject("No CSRF or session cookie.")
            else:
                csrf_token = request.META["CSRF_COOKIE"]

            # check incoming token
            request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
            if request_csrf_token != csrf_token:
-                return reject("CSRF token missing or incorrect.")
+                if cookie_is_new:
+                    # probably a problem setting the CSRF cookie
+                    return reject("CSRF cookie not set.")
+                else:
+                    return reject("CSRF token missing or incorrect.")

        return accept()