Ticket #17732: django-csrf-missing-help-cookies-view.patch

File django-csrf-missing-help-cookies-view.patch, 664 bytes (added by h3, 13 years ago)

Patch of the csrf view to serve the correct reason

  • django/middleware/csrf.py

     
    176176                # and possible for PUT/DELETE.
    177177                request_csrf_token = request.META.get('HTTP_X_CSRFTOKEN', '')
    178178
     179            if not request.session.test_cookie_worked():
     180                return self._reject(request, REASON_NO_CSRF_COOKIE)
     181
    179182            if not constant_time_compare(request_csrf_token, csrf_token):
    180183                logger.warning('Forbidden (%s): %s',
    181184                               REASON_BAD_TOKEN, request.path,
Back to Top