add logging to CSRF token generation, and rather than throwing an exception...
add logging to CSRF token generation, and rather than throwing an exception when a mismatch is detected, log an error and return a bad request to the client (seems like a better fit than 'not authorized'). issue #173