Return 403 instead of 500 if no CSRF token given

Not supplying a CSRF token shouldn't return a 500 response because it isn't a server error. The response status code should definitely be in the 400's, because it's the client's fault. And it should be a 403 because the client is forbidden from making that request without the appropriate credential (the CSRF token), though the request may be otherwise valid.

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
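The status-code argument above, as an added example (not the project's own code): a CSRF check that indexes the form field directly raises on a missing token, which a framework's catch-all error handler turns into a 500, while a check that treats an absent or wrong token as a client error returns 403. The dict-shaped `form` and `session` stand-ins and the handler names are assumptions for illustration.

```python
import hmac
from http import HTTPStatus


def naive_handler(form, session):
    """'Before' behaviour: form["csrf_token"] raises KeyError when the
    client sends no token, so the request never reaches the 403 branch."""
    if hmac.compare_digest(form["csrf_token"], session["csrf_token"]):
        return HTTPStatus.OK
    return HTTPStatus.FORBIDDEN


def run_with_error_handler(handler, form, session):
    """Stand-in for a framework's catch-all: any uncaught exception
    becomes a 500 Internal Server Error, misreporting a client fault."""
    try:
        return handler(form, session)
    except Exception:
        return HTTPStatus.INTERNAL_SERVER_ERROR


def csrf_handler(form, session):
    """'After' behaviour: a missing or mismatched token is the client's
    fault, so it is reported as 403 Forbidden, never as a server error."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if expected is None or supplied is None:
        return HTTPStatus.FORBIDDEN        # credential absent
    if not hmac.compare_digest(expected, supplied):
        return HTTPStatus.FORBIDDEN        # credential present but wrong
    return HTTPStatus.OK


if __name__ == "__main__":
    # Constructed sample: server issued token "abc"; client sends none.
    session = {"csrf_token": "abc"}
    print("before:", int(run_with_error_handler(naive_handler, {}, session)))
    print("after: ", int(run_with_error_handler(csrf_handler, {}, session)))
```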
1 file changed