Merge pull request #3134 from kdazzle/patch-1

Return 403 instead of 500 if no CSRF token given
author: Andrey Andreev <narf@devilix.net> 2014-07-14 01:22:28 +0200
committer: Andrey Andreev <narf@devilix.net> 2014-07-14 01:22:28 +0200
commit: 466af6c937bb7402cafe4f6c1392df7ccc526953 (patch)
tree: 42e92ab9eb34cc87bc6335f5578b2d7177daa84b /user_guide_src/source
parent: 35a7b44d6515e5ceae0151119a56904296a32ee5 (diff)
parent: 2761ff49f406d43c749ea87f7d5ebd4e2b7c3197 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index bcdb12feb..d2bb195b6 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -507,6 +507,7 @@ Release Date: Not Released
       -  Added ``$config['csrf_regeneration']``, which makes token regeneration optional.
       -  Added ``$config['csrf_exclude_uris']``, which allows you list URIs which will not have the CSRF validation methods run.
       -  Modified method ``sanitize_filename()`` to read a public ``$filename_bad_chars`` property for getting the invalid characters list.
+      -  Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request.
 
    -  :doc:`Language Library <libraries/language>` changes include:
author	Andrey Andreev <narf@devilix.net>	2014-07-14 01:22:28 +0200
committer	Andrey Andreev <narf@devilix.net>	2014-07-14 01:22:28 +0200
commit	466af6c937bb7402cafe4f6c1392df7ccc526953 (patch)
tree	42e92ab9eb34cc87bc6335f5578b2d7177daa84b /user_guide_src/source
parent	35a7b44d6515e5ceae0151119a56904296a32ee5 (diff)
parent	2761ff49f406d43c749ea87f7d5ebd4e2b7c3197 (diff)