Skip to content
Snippets Groups Projects
Commit 1ee3b5f7 authored by Lloyd Hilaiel's avatar Lloyd Hilaiel
Browse files

change response code for missing cookie to 403, forbidden - issue #835, issue #1056

parent 4e80f218
No related branches found
No related tags found
No related merge requests found
......@@ -182,7 +182,7 @@ exports.setup = function(options, app) {
if (req.session === undefined || typeof req.session.csrf !== 'string') { // there must be a session
logger.warn("POST calls to /wsapi require a cookie to be sent, this user may have cookies disabled");
return httputils.badRequest(resp, "no cookie");
return httputils.forbidden(resp, "no cookie");
}
// and the token must match what is sent in the post body
......
......@@ -88,10 +88,10 @@ suite.addBatch({
}));
req.end();
},
"returns a 400 with 'no cookie' as the body": function(err, r) {
"returns a 403 with 'no cookie' as the body": function(err, r) {
assert.equal(err, null);
assert.equal(r.code, 400);
assert.equal(r.body, 'Bad Request: no cookie');
assert.equal(r.code, 403);
assert.equal(r.body, 'Forbidden: no cookie');
}
}
});
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment