Use 400 Bad Request errors for invalid CSRF everywhere

2025-06-27 16:36:00 +00:00 · 2025-03-23 22:12:08 +01:00 · 2025-03-23 22:12:08 +01:00 · 677b2986bc
commit 677b2986bc
parent 5ea5115a72
4 changed files with 11 additions and 10 deletions
--- a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
+++ b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
@ -105,7 +105,7 @@ class DeveloperControllerTest extends WallabagCoreTestCase

        $this->logInAs('bob');
        $client->request('POST', '/developer/client/delete/' . $adminApiClient->getId());
-        $this->assertSame(403, $client->getResponse()->getStatusCode());
+        $this->assertSame(400, $client->getResponse()->getStatusCode());

        // Try to remove the admin's client with the good user
        $this->logInAs('admin');
--- a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
@ -794,7 +794,7 @@ class ConfigControllerTest extends WallabagCoreTestCase
        $this->assertStringNotContainsString('config.form_user.delete.button', $body[0]);

        $client->request('POST', '/account/delete');
-        $this->assertSame(403, $client->getResponse()->getStatusCode());
+        $this->assertSame(400, $client->getResponse()->getStatusCode());

        $user = $em
            ->getRepository(User::class)