Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The CSRF error messages are not translated #583

Open
azmeuk opened this issue Oct 11, 2023 · 0 comments
Open

The CSRF error messages are not translated #583

azmeuk opened this issue Oct 11, 2023 · 0 comments
Labels
csrf i18n

Comments

@azmeuk
Copy link
Member

azmeuk commented Oct 11, 2023
edited

flask-wtf/src/flask_wtf/csrf.py

Lines 99 to 115 in e9f085d

if not data:
raise ValidationError("The CSRF token is missing.")
if field_name not in session:
raise ValidationError("The CSRF session token is missing.")
s = URLSafeTimedSerializer(secret_key, salt="wtf-csrf-token")
try:
token = s.loads(data, max_age=time_limit)
except SignatureExpired as e:
raise ValidationError("The CSRF token has expired.") from e
except BadData as e:
raise ValidationError("The CSRF token is invalid.") from e
if not hmac.compare_digest(session[field_name], token):
raise ValidationError("The CSRF tokens do not match.")

Even if those messages should not been seen that often, I do have users reporting that they encountered CSRF errors in production projects. For that reason, that would be nice if the messages be localized.

I suppose there is something to do with field.gettext but starting translating strings in flask-wtf would require to set up a whole i18n stack (catalogs, weblate etc.) like this is done in wtforms.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
csrf i18n
Milestone
No milestone
Development

No branches or pull requests
1 participant
@azmeuk