diff --git a/src/Http/Middleware/CsrfMiddleware.php b/src/Http/Middleware/CsrfMiddleware.php index d0b1ee7..b2ae98b 100644 --- a/src/Http/Middleware/CsrfMiddleware.php +++ b/src/Http/Middleware/CsrfMiddleware.php @@ -190,7 +190,7 @@ protected function unauthorizedResponse(): ResponseInterface 'url' => (string) $this->request->getUri(), ] ); - $response = new Response(419); + $response = new Response(403); $message = $this->lang->tr('Page expired, or request token invalid'); $response->getBody()->write($message); diff --git a/tests/Http/Middleware/CsrfMiddlewareTest.php b/tests/Http/Middleware/CsrfMiddlewareTest.php index 2918e92..4372d6b 100644 --- a/tests/Http/Middleware/CsrfMiddlewareTest.php +++ b/tests/Http/Middleware/CsrfMiddlewareTest.php @@ -121,7 +121,7 @@ public function testProcessCsrfManagerInvalid(): void $o = new CsrfMiddleware($logger, $lang, $config, $manager); $res = $o->process($request, $handler); - $this->assertEquals(419, $res->getStatusCode()); + $this->assertEquals(403, $res->getStatusCode()); }