From 61ead87fc904d16e7a7a5bef80c493952f75c0ba Mon Sep 17 00:00:00 2001 From: Leo Hemsted Date: Mon, 12 Jun 2017 17:32:47 +0100 Subject: [PATCH] Add better logging when CSRF handler fails --- app/__init__.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/app/__init__.py b/app/__init__.py index ef10702ba..a1214de4c 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -165,14 +165,16 @@ def init_csrf(application): @csrf.error_handler def csrf_handler(reason): + application.logger.warning('csrf.error_message: {}'.format(reason)) + if 'user_id' not in session: - application.logger.info( + application.logger.warning( u'csrf.session_expired: Redirecting user to log in page' ) return application.login_manager.unauthorized() - application.logger.info( + application.logger.warning( u'csrf.invalid_token: Aborting request, user_id: {user_id}', extra={'user_id': session['user_id']})