summaryrefslogtreecommitdiffstats
path: root/application/controllers
diff options
context:
space:
mode:
authorKyle Valade <kylevalade@gmail.com>2014-07-06 22:43:20 +0200
committerKyle Valade <kylevalade@gmail.com>2014-07-06 22:43:20 +0200
commit05fcc09436c0c34cc5883d7840abc81ad5af7969 (patch)
tree5f22b6ab98378ad61bb6c250088c9ccce6fcee35 /application/controllers
parentf7bdd80d72dfcc7a0c49cb1c82df88dc1f992b06 (diff)
Return 403 instead of 500 if no CSRF token given
Not supplying a CSRF token shouldn't return a 500 response because it isn't a server error. The response status code should definitely be in the 400's, because it's the client's fault. And it should be a 403 because the client is forbidden from making that request without the appropriate credential (the CSRF token), though the request may be otherwise valid. http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
Diffstat (limited to 'application/controllers')
0 files changed, 0 insertions, 0 deletions