Merge pull request #3742 from Pylons/fix-csrf-400-status

Fix csrf 400 status lines

1 files changed, 10 insertions, 12 deletions

diff --git a/src/pyramid/exceptions.py b/src/pyramid/exceptions.py
index 16aeb7e4f..9f19a4bb4 100644
--- a/src/pyramid/exceptions.py
+++ b/src/pyramid/exceptions.py
@@ -10,12 +10,11 @@ class BadCSRFOrigin(HTTPBadRequest):
     origin validation.
     """
 
-    title = "Bad CSRF Origin"
     explanation = (
-        "Access is denied. This server can not verify that the origin or "
-        "referrer of your request matches the current site. Either your "
-        "browser supplied the wrong Origin or Referrer or it did not supply "
-        "one at all."
+        "Bad CSRF Origin. Access is denied. This server can not verify that "
+        "the origin or referrer of your request matches the current site. "
+        "Either your browser supplied the wrong Origin or Referrer or it did "
+        "not supply one at all."
     )
 
 
@@ -25,14 +24,13 @@ class BadCSRFToken(HTTPBadRequest):
     forgery token validation.
     """
 
-    title = 'Bad CSRF Token'
     explanation = (
-        'Access is denied.  This server can not verify that your cross-site '
-        'request forgery token belongs to your login session.  Either you '
-        'supplied the wrong cross-site request forgery token or your session '
-        'no longer exists.  This may be due to session timeout or because '
-        'browser is not supplying the credentials required, as can happen '
-        'when the browser has cookies turned off.'
+        'Bad CSRF token received. Access is denied. This server can not '
+        'verify that your cross-site request forgery token belongs to your '
+        'login session. Either you supplied the wrong cross-site request '
+        'forgery token or your session no longer exists. This may be due to '
+        'session timeout or because browser is not supplying the credentials '
+        'required, as can happen when the browser has cookies turned off.'
     )