Have created a custom CSRF failure page (#10275)

gitcoinco · Mar 8, 2022 · ebe81fe · ebe81fe
1 parent 0943df2
commit ebe81fe
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/app/app/settings.py b/app/app/settings.py
@@ -573,6 +573,7 @@ def callback(request):
 
 CSRF_COOKIE_SECURE = env.bool('CSRF_COOKIE_SECURE', default=False)
 CSRF_COOKIE_HTTPONLY = env.bool('CSRF_COOKIE_HTTPONLY', default=True)
+CSRF_FAILURE_VIEW = 'retail.views.csrf_failure'
 SESSION_COOKIE_SECURE = env.bool('SESSION_COOKIE_SECURE', default=False)
 SECURE_BROWSER_XSS_FILTER = env.bool('SECURE_BROWSER_XSS_FILTER', default=True)
 SECURE_CONTENT_TYPE_NOSNIFF = env.bool('SECURE_CONTENT_TYPE_NOSNIFF', default=True)

diff --git a/app/retail/views.py b/app/retail/views.py
@@ -1153,11 +1153,12 @@ def presskit(request):
 def handler403(request, exception=None):
     return error(request, 403)
 
+def csrf_failure(request, reason=""):
+    return error(request, 403)
 
 def handler404(request, exception=None):
     return error(request, 404)
 
-
 def handler500(request, exception=None):
     return error(request, 500)