Merge pull request #3867 from ywk253100/191119_xsrf

Abort with the pre-defined status code when handling XSRF error
2019-11-29 18:43:02 +08:00 · 2019-11-29 18:43:02 +08:00 · aa90c67a75
parent 1923b8c767 793047097c
commit aa90c67a75
1 changed files with 2 additions and 2 deletions
--- a/context/context.go
+++ b/context/context.go
@ -169,11 +169,11 @@ func (ctx *Context) CheckXSRFCookie() bool {
 		token = ctx.Request.Header.Get("X-Csrftoken")
 	}
 	if token == "" {
-		ctx.Abort(403, "'_xsrf' argument missing from POST")
+		ctx.Abort(422, "422")
 		return false
 	}
 	if ctx._xsrfToken != token {
-		ctx.Abort(403, "XSRF cookie does not match POST argument")
+		ctx.Abort(417, "417")
 		return false
 	}
 	return true