forked from github/plane
[WEB - 1387]dev: custom csrf failure view (#4531)
* dev: custom csrf view * dev: update template to use only css for styling
This commit is contained in:
parent
410f04c327
commit
0f5294c5e2
@ -1,3 +1,6 @@
|
||||
# Django imports
|
||||
from django.shortcuts import render
|
||||
|
||||
# Third party imports
|
||||
from rest_framework import status
|
||||
from rest_framework.permissions import AllowAny
|
||||
@ -17,7 +20,7 @@ from plane.authentication.adapter.error import (
|
||||
)
|
||||
from django.middleware.csrf import get_token
|
||||
from plane.utils.cache import invalidate_cache
|
||||
|
||||
from plane.authentication.utils.host import base_host
|
||||
|
||||
class CSRFTokenEndpoint(APIView):
|
||||
|
||||
@ -34,6 +37,11 @@ class CSRFTokenEndpoint(APIView):
|
||||
)
|
||||
|
||||
|
||||
def csrf_failure(request, reason=""):
|
||||
"""Custom CSRF failure view"""
|
||||
return render(request, "csrf_failure.html", {"reason": reason, "root_url": base_host(request=request)})
|
||||
|
||||
|
||||
class ChangePasswordEndpoint(APIView):
|
||||
def post(self, request):
|
||||
user = User.objects.get(pk=request.user.id)
|
||||
|
@ -345,6 +345,7 @@ CSRF_COOKIE_SECURE = secure_origins
|
||||
CSRF_COOKIE_HTTPONLY = True
|
||||
CSRF_TRUSTED_ORIGINS = cors_allowed_origins
|
||||
CSRF_COOKIE_DOMAIN = os.environ.get("COOKIE_DOMAIN", None)
|
||||
CSRF_FAILURE_VIEW = "plane.authentication.views.common.csrf_failure"
|
||||
|
||||
# Base URLs
|
||||
ADMIN_BASE_URL = os.environ.get("ADMIN_BASE_URL", None)
|
||||
|
66
apiserver/templates/csrf_failure.html
Normal file
66
apiserver/templates/csrf_failure.html
Normal file
@ -0,0 +1,66 @@
|
||||
<!-- templates/csrf_failure.html -->
|
||||
<!doctype html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>CSRF Verification Failed</title>
|
||||
<style>
|
||||
body {
|
||||
font-family: Arial, sans-serif;
|
||||
background-color: #f8f9fa;
|
||||
padding: 50px;
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
align-items: center;
|
||||
height: 100vh;
|
||||
margin: 0;
|
||||
}
|
||||
.card {
|
||||
max-width: 400px;
|
||||
padding: 30px;
|
||||
background-color: #ffffff;
|
||||
border-radius: 8px;
|
||||
box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
|
||||
}
|
||||
.card-header {
|
||||
text-align: center;
|
||||
margin-bottom: 20px;
|
||||
}
|
||||
.btn-primary {
|
||||
display: block;
|
||||
width: 100%;
|
||||
padding: 10px;
|
||||
background-color: #007bff;
|
||||
color: #fff;
|
||||
text-align: center;
|
||||
text-decoration: none;
|
||||
border: none;
|
||||
border-radius: 4px;
|
||||
cursor: pointer;
|
||||
}
|
||||
.btn-primary:hover {
|
||||
background-color: #0056b3;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="card">
|
||||
<div class="card-header">
|
||||
<h3>CSRF Verification Failed</h3>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<p>
|
||||
It looks like your form submission has expired or there was a problem
|
||||
with your request.
|
||||
</p>
|
||||
<p>Please try the following:</p>
|
||||
<ul>
|
||||
<li>Refresh the page and try submitting the form again.</li>
|
||||
<li>Ensure that cookies are enabled in your browser.</li>
|
||||
</ul>
|
||||
<a href="{{ root_url }}" class="btn-primary">Go to Home Page</a>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
Loading…
Reference in New Issue
Block a user