CSRF verification failure now returns HTTP 403 Forbidden, not 200 OK

author Marti Raudsepp <marti@juffo.org>

Wed, 7 Nov 2012 21:20:09 +0000 (23:20 +0200)

committer Magnus Hagander <magnus@hagander.net>

Sun, 11 Nov 2012 15:07:42 +0000 (16:07 +0100)
author Marti Raudsepp <marti@juffo.org>
Wed, 7 Nov 2012 21:20:09 +0000 (23:20 +0200)
committer Magnus Hagander <magnus@hagander.net>
Sun, 11 Nov 2012 15:07:42 +0000 (16:07 +0100)
diff --git a/pgweb/core/views.py b/pgweb/core/views.py

index 854bf9389d3d1651de9a9d8312714364fcbeb5b9..6cbc7f69cf1f89ce1ca131fdc80e583158fe91b9 100644 (file)
--- a/pgweb/core/views.py
+++ b/pgweb/core/views.py
@@ -152,9 +152,11 @@ def sitemap(request):
  
  @nocache
  def csrf_failure(request, reason=''):
-       return render_to_response('errors/csrf_failure.html', {
+       resp = render_to_response('errors/csrf_failure.html', {
                         'reason': reason,
                         })
+       resp.status_code = 403 # Forbidden
+       return resp
  
  # Basic information about the connection
  @cache(seconds=30)
author	Marti Raudsepp <marti@juffo.org>
	Wed, 7 Nov 2012 21:20:09 +0000 (23:20 +0200)
committer	Magnus Hagander <magnus@hagander.net>
	Sun, 11 Nov 2012 15:07:42 +0000 (16:07 +0100)