Return 403 instead of 500 if no CSRF token given

Not supplying a CSRF token shouldn't return a 500 response because it isn't a server error. The response status code should definitely be in the 400's, because it's the client's fault. And it should be a 403 because the client is forbidden from making that request without the appropriate credential (the CSRF token), though the request may be otherwise valid.

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

0 files changed, 0 insertions, 0 deletions