aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin/meddleware/csrf.py
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin/meddleware/csrf.py')
-rw-r--r--mediagoblin/meddleware/csrf.py16
1 files changed, 11 insertions, 5 deletions
diff --git a/mediagoblin/meddleware/csrf.py b/mediagoblin/meddleware/csrf.py
index 1488e6d9..661f0ba2 100644
--- a/mediagoblin/meddleware/csrf.py
+++ b/mediagoblin/meddleware/csrf.py
@@ -17,11 +17,12 @@
import random
import logging
-from webob.exc import HTTPForbidden
+from werkzeug.exceptions import Forbidden
from wtforms import Form, HiddenField, validators
from mediagoblin import mg_globals
from mediagoblin.meddleware import BaseMeddleware
+from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
_log = logging.getLogger(__name__)
@@ -127,9 +128,13 @@ class CsrfMeddleware(BaseMeddleware):
None)
if cookie_token is None:
- # the CSRF cookie must be present in the request
+ # the CSRF cookie must be present in the request, if not a
+ # cookie blocker might be in action (in the best case)
_log.error('CSRF cookie not present')
- return HTTPForbidden()
+ raise Forbidden(_('CSRF cookie not present. This is most likely '
+ 'the result of a cookie blocker or somesuch.<br/>'
+ 'Make sure to permit the settings of cookies for '
+ 'this domain.'))
# get the form token and confirm it matches
form = CsrfForm(request.form)
@@ -142,5 +147,6 @@ class CsrfMeddleware(BaseMeddleware):
# either the tokens didn't match or the form token wasn't
# present; either way, the request is denied
- _log.error('CSRF validation failed')
- return HTTPForbidden()
+ errstr = 'CSRF validation failed'
+ _log.error(errstr)
+ raise Forbidden(errstr)