
feat: add error ids for csrf-related errors
aeneasr committed Oct 19, 2021
1 parent 246a045 commit dc2adbf
Showing 2 changed files with 6 additions and 2 deletions.
6 changes: 5 additions & 1 deletion x/nosurf.go
Expand Up @@ -6,6 +6,8 @@ import (
"fmt"
"net/http"

"github.com/ory/kratos/text"

"github.com/ory/kratos/driver/config"

"github.com/pkg/errors"
Expand All @@ -17,7 +19,9 @@ import (
)

var (
ErrInvalidCSRFToken = herodot.ErrForbidden.WithError("the request was rejected to protect you from Cross-Site-Request-Forgery").
ErrInvalidCSRFToken = herodot.ErrForbidden.
WithID(text.ErrIDCSRF).
WithError("the request was rejected to protect you from Cross-Site-Request-Forgery").
WithDetail("docs", "https://www.ory.sh/kratos/docs/debug/csrf").
WithReason("The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues.")
ErrGone = herodot.DefaultError{
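Review bot: Only ErrInvalidCSRFToken gains `WithID(text.ErrIDCSRF)` in this hunk, yet the title speaks of ids for "csrf-related errors" in the plural and the test change in x/nosurf_test.go references a sibling `x.ErrInvalidCSRFTokenAJAXNoCookies`; if that variant is built from ErrInvalidCSRFToken outside this hunk it presumably inherits the id, otherwise it should receive one too so clients can match CSRF failures by id rather than by message text. As a point of style, the new `"github.com/ory/kratos/text"` import is placed in its own blank-line-separated group between the stdlib imports and `"github.com/ory/kratos/driver/config"`, whereas goimports convention keeps module-local imports in a single group. The exported variable still has no doc comment; suggest `// ErrInvalidCSRFToken is returned when a request fails CSRF validation; clients can match it by the id text.ErrIDCSRF.` The enclosing var block continues past the hunk (ErrGone).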
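--- a/x/nosurf_test.go
+++ b/x/nosurf_test.go
@@ -86,7 +86,7 @@ func TestNosurfBaseCookieErrorHandler(t *testing.T) {
 expectError := func(t *testing.T, err error, req *http.Request) {
 rec := httptest.NewRecorder()
 h(rec, req)
-assertx.EqualAsJSON(t, x.ErrInvalidCSRFTokenAJAXNoCookies, json.RawMessage(gjson.Get(rec.Body.String(), "error").Raw))
+assertx.EqualAsJSON(t, err, json.RawMessage(gjson.Get(rec.Body.String(), "error").Raw))
 }
 
 newAjaxRequest := func() *http.Request {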
