Ticket #21322: csrf-cookie.diff

File csrf-cookie.diff, 1.4 KB (added by Ole Laursen, 11 years ago)

Patch against 382d324ccc0753962ec31ac23a4bde4fb2b9454e with text for NO_CSRF_COOKIE case

  • django/views/csrf.py

    diff --git a/django/views/csrf.py b/django/views/csrf.py
    index c95d19d..e47176d 100644
    a b CSRF_FAILURE_TEMPLATE = """  
    4242   re-enable them, at least for this site, or for HTTPS connections, or for
    4343   'same-origin' requests.</p>
    4444{% endif %}
     45{% if no_cookie %}
     46  <p>You are seeing this message because this site requires a CSRF
     47   cookie when submitting forms. This cookie is required for security
     48   reasons, to ensure that your browser is not being hijacked by third
     49   parties.</p>
     50
     51  <p>If you have configured your browser to disable cookies, please
     52   re-enable them, at least for this site, or for 'same-origin' requests.</p>
     53{% endif %}
    4554</div>
    4655{% if DEBUG %}
    4756<div id="info">
    def csrf_failure(request, reason=""):  
    95104    """
    96105    Default view used when request fails CSRF protection
    97106    """
    98     from django.middleware.csrf import REASON_NO_REFERER
     107    from django.middleware.csrf import REASON_NO_REFERER, REASON_NO_CSRF_COOKIE
    99108    t = Template(CSRF_FAILURE_TEMPLATE)
    100109    c = Context({'DEBUG': settings.DEBUG,
    101110                 'reason': reason,
    102                  'no_referer': reason == REASON_NO_REFERER
     111                 'no_referer': reason == REASON_NO_REFERER,
     112                 'no_cookie': reason == REASON_NO_CSRF_COOKIE
    103113                 })
    104114    return HttpResponseForbidden(t.render(c), content_type='text/html')
Back to Top