aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin/meddleware/csrf.py
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin/meddleware/csrf.py')
-rw-r--r--mediagoblin/meddleware/csrf.py12
1 files changed, 7 insertions, 5 deletions
diff --git a/mediagoblin/meddleware/csrf.py b/mediagoblin/meddleware/csrf.py
index 1488e6d9..65db9827 100644
--- a/mediagoblin/meddleware/csrf.py
+++ b/mediagoblin/meddleware/csrf.py
@@ -17,7 +17,7 @@
import random
import logging
-from webob.exc import HTTPForbidden
+from werkzeug.exceptions import Forbidden
from wtforms import Form, HiddenField, validators
from mediagoblin import mg_globals
@@ -128,8 +128,9 @@ class CsrfMeddleware(BaseMeddleware):
if cookie_token is None:
# the CSRF cookie must be present in the request
- _log.error('CSRF cookie not present')
- return HTTPForbidden()
+ errstr = 'CSRF cookie not present'
+ _log.error(errstr)
+ return Forbidden(errstr)
# get the form token and confirm it matches
form = CsrfForm(request.form)
@@ -142,5 +143,6 @@ class CsrfMeddleware(BaseMeddleware):
# either the tokens didn't match or the form token wasn't
# present; either way, the request is denied
- _log.error('CSRF validation failed')
- return HTTPForbidden()
+ errstr = 'CSRF validation failed'
+ _log.error(errstr)
+ return Forbidden(errstr)
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-08 03:06:35 +0000