Use setting CSRF_FAILURE_VIEW to prevent user seeing 403 on CSRF failure, instead redirect them to the same page and display a warning (refs #5617)

2014-10-02 21:47:37 +02:00 · 2014-10-02 21:47:37 +02:00 · 25ef99ffae
parent 28a158144a
commit 25ef99ffae
2 changed files with 6 additions and 0 deletions
--- a/src/authentic2/settings.py
+++ b/src/authentic2/settings.py
@ -135,6 +135,8 @@ AUTHENTICATION_BACKENDS = (
 )
 AUTHENTICATION_BACKENDS = plugins.register_plugins_authentication_backends(
        AUTHENTICATION_BACKENDS)
+CSRF_FAILURE_VIEW = 'authentic2.views.csrf_failure_view'
+

 LOGIN_REDIRECT_URL = '/'
 LOGIN_URL = '/login/'
--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@ -472,3 +472,7 @@ class LoggedInView(View):
        return HttpResponse(content, content_type='application/json')

 logged_in = never_cache(LoggedInView.as_view())
+
+def csrf_failure_view(request, reason=""):
+    messages.warning(request, _('The page is out of date, it was reloaded for you'))
+    return HttpResponseRedirect(request.get_full_path())