From a9c1518a18b9e972a9faf6daac227253ac69b1e0 Mon Sep 17 00:00:00 2001
From: Tony NGUEREZA
Date: Thu, 11 Jul 2024 08:38:17 +0100
Subject: [PATCH] Change invalid CSRF HTTP response status code
---
 src/Http/Middleware/CsrfMiddleware.php | 2 +-
 tests/Http/Middleware/CsrfMiddlewareTest.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Http/Middleware/CsrfMiddleware.php b/src/Http/Middleware/CsrfMiddleware.php
index d0b1ee7..b2ae98b 100644
--- a/src/Http/Middleware/CsrfMiddleware.php
+++ b/src/Http/Middleware/CsrfMiddleware.php
@@ -190,7 +190,7 @@ protected function unauthorizedResponse(): ResponseInterface
 'url' => (string) $this->request->getUri(),
 ]
 );
- $response = new Response(419);
+ $response = new Response(403);
 $message = $this->lang->tr('Page expired, or request token invalid');
 $response->getBody()->write($message);
diff --git a/tests/Http/Middleware/CsrfMiddlewareTest.php b/tests/Http/Middleware/CsrfMiddlewareTest.php
index 2918e92..4372d6b 100644
--- a/tests/Http/Middleware/CsrfMiddlewareTest.php
+++ b/tests/Http/Middleware/CsrfMiddlewareTest.php
@@ -121,7 +121,7 @@ public function testProcessCsrfManagerInvalid(): void
 $o = new CsrfMiddleware($logger, $lang, $config, $manager);
 $res = $o->process($request, $handler);
- $this->assertEquals(419, $res->getStatusCode());
+ $this->assertEquals(403, $res->getStatusCode());
 }
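Review bot: The new `new Response(403)` in `unauthorizedResponse()` (src/Http/Middleware/CsrfMiddleware.php) is an undocumented magic number, and neither the code nor the commit message says why 419 was dropped. With 403, a CSRF rejection can no longer be told apart by status code from any other forbidden response, so a client that refreshed its token on 419 would need another signal; this is presumably intended, but it is a behaviour change worth stating. I would add a comment above the line, e.g. `// 403 Forbidden: CSRF token missing, expired or invalid (419 is not a registered HTTP status code)`. The context lines above it put `(string) $this->request->getUri()` into what appears to be the log context; if query strings can carry tokens or other secrets, logging only the path would be safer. The function body starts and ends outside the hunk.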