
Andi Albrecht committed 04f2586 Draft

Print out posted data when XSRF token is invalid (issue361).


Files changed (1)

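--- a/codereview/views.py
+++ b/codereview/views.py
         # Try the previous hour's token
         xsrf_token = account.get_xsrf_token(-1)
         if post_token != xsrf_token:
-          return HttpTextResponse('Invalid XSRF token.', status=403)
+          msg = [u'Invalid XSRF token.']
+          if request.POST:
+            msg.extend([u'',
+                        u'However, this was the data posted to the server:',
+                        u''])
+            for key in request.POST:
+              msg.append(u'%s: %s' % (key, request.POST[key]))
+            msg.extend([u'', u'-'*10,
+                        u'Please reload the previous page and post again.'])
+          return HttpTextResponse(u'\n'.join(msg), status=403)
     return func(request, *args, **kwds)
 
   return xsrf_wrapper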
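Review bot: The loop at `for key in request.POST:` writes every posted key and value back into the 403 body, and this branch runs exactly when the request failed the XSRF check, so the echoed content may come from a forged cross-site form rather than from the user. That is only safe if the response can never be rendered as HTML; HttpTextResponse is defined outside this hunk, so confirm it sends `text/plain` with an explicit charset and consider adding `X-Content-Type-Options: nosniff` to stop content sniffing. It would also help to skip the token field itself and cap each value's length, so that the error page does not reflect arbitrarily large input. Separately, `request.POST[key]` returns only the last value of a multi-valued field; `request.POST.getlist(key)` would show them all. The enclosing xsrf_wrapper starts above the hunk.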