thunderstrike/plane
thunderstrike/plane
2
0
Fork 0
forked from github/plane
Code Pull Requests Activity

[WEB - 1387]dev: custom csrf failure view (#4531)

Browse Source 
* dev: custom csrf view

* dev: update template to use only css for styling
This commit is contained in:
Nikhil 2024-05-21 15:04:10 +05:30 committed by GitHub
parent 410f04c327
commit 0f5294c5e2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 76 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apiserver/plane/authentication/views/common.py
View File

@ -1,3 +1,6 @@
# Django imports
from django.shortcuts import render
# Third party imports # Third party imports
from rest_framework import status from rest_framework import status
from rest_framework.permissions import AllowAny from rest_framework.permissions import AllowAny
@ -17,7 +20,7 @@ from plane.authentication.adapter.error import (
) )
from django.middleware.csrf import get_token from django.middleware.csrf import get_token
from plane.utils.cache import invalidate_cache from plane.utils.cache import invalidate_cache
from plane.authentication.utils.host import base_host
class CSRFTokenEndpoint(APIView): class CSRFTokenEndpoint(APIView):
@ -34,6 +37,11 @@ class CSRFTokenEndpoint(APIView):
) )
def csrf_failure(request, reason=""):
"""Custom CSRF failure view"""
return render(request, "csrf_failure.html", {"reason": reason, "root_url": base_host(request=request)})
class ChangePasswordEndpoint(APIView): class ChangePasswordEndpoint(APIView):
def post(self, request): def post(self, request):
user = User.objects.get(pk=request.user.id) user = User.objects.get(pk=request.user.id)

1
apiserver/plane/settings/common.py
View File

@ -345,6 +345,7 @@ CSRF_COOKIE_SECURE = secure_origins
CSRF_COOKIE_HTTPONLY = True CSRF_COOKIE_HTTPONLY = True
CSRF_TRUSTED_ORIGINS = cors_allowed_origins CSRF_TRUSTED_ORIGINS = cors_allowed_origins
CSRF_COOKIE_DOMAIN = os.environ.get("COOKIE_DOMAIN", None) CSRF_COOKIE_DOMAIN = os.environ.get("COOKIE_DOMAIN", None)
CSRF_FAILURE_VIEW = "plane.authentication.views.common.csrf_failure"
# Base URLs # Base URLs
ADMIN_BASE_URL = os.environ.get("ADMIN_BASE_URL", None) ADMIN_BASE_URL = os.environ.get("ADMIN_BASE_URL", None)

66
apiserver/templates/csrf_failure.html Normal file
View File

@ -0,0 +1,66 @@
<!-- templates/csrf_failure.html -->
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>CSRF Verification Failed</title>
<style>
body {
font-family: Arial, sans-serif;
background-color: #f8f9fa;
padding: 50px;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
margin: 0;
}
.card {
max-width: 400px;
padding: 30px;
background-color: #ffffff;
border-radius: 8px;
box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
}
.card-header {
text-align: center;
margin-bottom: 20px;
}
.btn-primary {
display: block;
width: 100%;
padding: 10px;
background-color: #007bff;
color: #fff;
text-align: center;
text-decoration: none;
border: none;
border-radius: 4px;
cursor: pointer;
}
.btn-primary:hover {
background-color: #0056b3;
}
</style>
</head>
<body>
<div class="card">
<div class="card-header">
<h3>CSRF Verification Failed</h3>
</div>
<div class="card-body">
<p>
It looks like your form submission has expired or there was a problem
with your request.
</p>
<p>Please try the following:</p>
<ul>
<li>Refresh the page and try submitting the form again.</li>
<li>Ensure that cookies are enabled in your browser.</li>
</ul>
<a href="{{ root_url }}" class="btn-primary">Go to Home Page</a>
</div>
</div>
</body>
</html>