From c38d10d7731e943c0d0b3c43f9f3ce66f015ed22 Mon Sep 17 00:00:00 2001 From: Athanasios Voutsadakis Date: Tue, 28 Nov 2017 11:44:59 +0000 Subject: [PATCH] Change the CSRF error from 400 to 403 All 400s are handled by a generic errorhandler which logs them and converts them to 500. We don't need to be alerted for CSRF problems. --- app/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/__init__.py b/app/__init__.py index 317e395d3..8856c5393 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -151,7 +151,7 @@ def init_csrf(application): u'csrf.invalid_token: Aborting request, user_id: {user_id}', extra={'user_id': session['user_id']}) - abort(400, reason) + abort(403, reason) def init_app(application):