0

When I login to Django admin with an incorrect username and password combination it logs the event as an HTTP 200:

[10/Mar/2015 10:24:06] "POST /admin/login/?next=/admin/ HTTP/1.0" 200 2074

I would expect that it would be recorded as a 403.

django.contrib.admin.forms.AdminAuthenticationForm raises a forms.ValidationError if the login is invalid. Is there a way I could patch this functionality to return HTTP 403?

Mark L
  • 12,405
  • 4
  • 28
  • 41
  • 5
    This isn't a bug...The server understood the request fine, and is returning a `200` with a response/message...i.e. "This was an incorrect login combo, but we have a response for you and this login template was properly returned for you again" – rnevius Mar 10 '15 at 11:27
  • possible duplicate of [Django login with wrong credentials returns 200 not 401](http://stackoverflow.com/questions/25839434/django-login-with-wrong-credentials-returns-200-not-401) –  Mar 10 '15 at 22:55

0 Answers0