[bug 857734] Write better csrf error page

Joshua Smith · willkg · commit c4f80919f32f · 2014-02-26T09:38:11.000-05:00
diff --git a/fjord/base/templates/csrf_failure.html b/fjord/base/templates/csrf_failure.html
@@ -0,0 +1,12 @@
+{% extends "base.html" %}
+
+{% block page_title %}{{ _('CSRF Failure') }}{% endblock %}
+
+{% block content %}
+  <div class="col"></div>
+  <div class="col wide">
+    <div class="block">
+      {% include "includes/csrf_failure_text.html" %}
+    </div>
+  </div>
+{% endblock %}
diff --git a/fjord/base/templates/includes/csrf_failure_text.html b/fjord/base/templates/includes/csrf_failure_text.html
@@ -0,0 +1,13 @@
+<h1>{{ _('CSRF Failure') }}</h1>
+<p>
+  {% trans %}
+    Your submission failed a security check on our system.
+  {% endtrans %}
+</p>
+<p>
+  {% trans %}
+    Please make sure you have cookies enabled, press the Back button in your
+    browser, refresh the page, fill out the form, and try submitting your 
+    feedback again.
+  {% endtrans %}
+</p>
diff --git a/fjord/base/templates/mobile/csrf_failure.html b/fjord/base/templates/mobile/csrf_failure.html
@@ -0,0 +1,11 @@
+{% extends "mobile/base.html" %}
+
+{% block page_title %}{{ _('CSRF Failure') }}{% endblock %}
+
+{% block content %}
+  <article>
+    <section>
+      {% include "includes/csrf_failure_text.html" %}
+    </section>
+  </article>
+{% endblock %}
diff --git a/fjord/base/views.py b/fjord/base/views.py
@@ -3,7 +3,7 @@
 from functools import wraps
 
 from django.conf import settings
-from django.http import Http404, HttpResponse, HttpResponseRedirect
+from django.http import Http404, HttpResponse, HttpResponseForbidden, HttpResponseRedirect
 from django.shortcuts import render
 from django.utils.http import is_safe_url
 from django.views.decorators.cache import never_cache
@@ -54,6 +54,11 @@ def login_failure(request, template=None):
     return render(request, template)
 
 
+@mobile_template('{mobile/}csrf_failure.html')
+def csrf_failure(request, reason='', template=None):
+    return HttpResponseForbidden(render(request, template), content_type='text/html')
+
+
 @mobile_template('{mobile/}about.html')
 def about_view(request, template=None):
     return render(request, template)
diff --git a/fjord/settings/base.py b/fjord/settings/base.py
@@ -325,6 +325,9 @@
 # Always generate a CSRF token for anonymous users.
 ANON_ALWAYS = True
 
+# CSRF error page
+CSRF_FAILURE_VIEW = 'fjord.base.views.csrf_failure'
+
 # Tells the extract script what files to look for L10n in and what
 # function handles the extraction. The Tower library expects this.
 DOMAIN_METHODS['messages'] = [
