From 05febb1a0ce018690168890ed4804eea9d84499d Mon Sep 17 00:00:00 2001
From: yackob03 <jacob.moshenko@gmail.com>
Date: Thu, 30 Jan 2014 13:42:25 -0500
Subject: [PATCH] Switch the CSRF token to logging only to test for a little
 while in prod.

---
 endpoints/api.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/endpoints/api.py b/endpoints/api.py
index da37c2508..c0f10effc 100644
--- a/endpoints/api.py
+++ b/endpoints/api.py
@@ -37,6 +37,7 @@ route_data = None
 
 api = Blueprint('api', __name__)
 
+
 @api.before_request
 def csrf_protect():
   if request.method != "GET" and request.method != "HEAD":
@@ -45,7 +46,13 @@ def csrf_protect():
 
     # TODO: add if not token here, once we are sure all sessions have a token.
     if token != found_token:
-      abort(403)
+      msg = 'CSRF Failure. Session token was %s and request token was %s'
+      logger.error(msg, token, found_token)
+
+    if not token:
+      req_user = current_user.db_user().username if current_user else None
+      logger.warning('No CSRF token in session for current user: %s' %
+                     req_user)
 
 
 def get_route_data():