Return a nice JSON error when CSRF errors happen in JSON views.

(imported from commit 916166c115f9b3ba0fdc93f8d917ff37ae22c2ae)
2025-11-03 05:23:35 +00:00 · 2013-12-17 16:18:13 -05:00
parent 014b5e8a91
commit b30afe432e
2 changed files with 18 additions and 0 deletions
--- a/zproject/settings.py
+++ b/zproject/settings.py
@@ -131,6 +131,7 @@ if DEPLOYED:
 # the token from the DOM, which means malicious code could too.  But hiding the
 # cookie will slow down some attackers.
 CSRF_COOKIE_PATH = '/;HttpOnly'
+CSRF_FAILURE_VIEW = 'zerver.middleware.csrf_failure'

 # Base URL of the Tornado server
 # We set it to None when running backend tests or populate_db.
@@ -154,6 +155,7 @@ if DEPLOYED:

 MIDDLEWARE_CLASSES = (
    # Our logging middleware should be the first middleware item.
+    'zerver.middleware.TagRequests',
    'zerver.middleware.LogRequests',
    'zerver.middleware.JsonErrorHandler',
    'zerver.middleware.RateLimitMiddleware',