Ability to customize error messages #28

Closed
simonw opened this issue Aug 14, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

simonw commented Aug 14, 2024

The error messages this produces aren't exactly user-friendly:

asgi-csrf/asgi_csrf.py

Lines 146 to 150 in f1a7e28

```python
await send_csrf_failed(
    scope,
    wrapped_send,
    "form-urlencoded POST field did not match cookie",
)
```

asgi-csrf/asgi_csrf.py

Lines 168 to 188 in f1a7e28

```python
            await send_csrf_failed(
                scope,
                wrapped_send,
                "multipart/form-data POST field did not match cookie",
            )
            return
    except FileBeforeToken:
        await send_csrf_failed(
            scope,
            wrapped_send,
            "File encountered before csrftoken - make sure csrftoken is first in the HTML",
        )
        return
    # Now replay the body
    await app(scope, replay_receive, wrapped_send)
    return
else:
    await send_csrf_failed(
        scope, wrapped_send, message="Unknown content-type"
    )
    return
```

simonw added the enhancement (New feature or request) label Aug 14, 2024

simonw commented Aug 14, 2024

This came up because Datasette serves confusing messages and I'd like to be able to change those to include links to the relevant documentation: https://docs.datasette.io/en/stable/internals.html#csrf-protection

simonw added a commit that referenced this issue Aug 15, 2024
Fixes #28

Add ability to customize error messages in CSRF protection middleware.

* Add `ErrorMessageID` enum to `asgi_csrf.py` for error message IDs.
* Modify `send_csrf_failed` function to accept an error message ID and a custom error message function.
* Update `asgi_csrf_decorator` function to accept a custom error message function.
* Update all calls to `send_csrf_failed` to pass the appropriate error message ID and custom error message function.
* Add tests in `test_asgi_csrf.py` to verify the custom error message functionality.
* Update `README.md` to document the new custom error message functionality and provide examples.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/simonw/asgi-csrf/issues/28?shareId=XXXX-XXXX-XXXX-XXXX).
simonw mentioned this issue Aug 15, 2024
simonw closed this as completed in 4db11ae Aug 15, 2024
simonw added a commit that referenced this issue Aug 15, 2024
simonw added a commit to simonw/datasette that referenced this issue Aug 15, 2024
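
A sketch of the design the commit message describes, as an added example that is not asgi-csrf's own code: each failure is identified by an enum value, and an optional callback may replace the default text for that ID. The enum member names, the `custom_message` parameter, `docs_link_message` and `render` are assumptions; the default strings and the documentation URL are the ones quoted in the issue.

```python
import asyncio
from enum import Enum

DOCS_URL = "https://docs.datasette.io/en/stable/internals.html#csrf-protection"

class ErrorMessageID(Enum):
    # Member names are assumptions; the page names only the enum itself.
    FORM_URLENCODED_MISMATCH = 1
    MULTIPART_MISMATCH = 2
    FILE_BEFORE_TOKEN = 3
    UNKNOWN_CONTENT_TYPE = 4

# Default texts are the strings quoted in the issue.
DEFAULT_MESSAGES = {
    ErrorMessageID.FORM_URLENCODED_MISMATCH: "form-urlencoded POST field did not match cookie",
    ErrorMessageID.MULTIPART_MISMATCH: "multipart/form-data POST field did not match cookie",
    ErrorMessageID.FILE_BEFORE_TOKEN: "File encountered before csrftoken - make sure csrftoken is first in the HTML",
    ErrorMessageID.UNKNOWN_CONTENT_TYPE: "Unknown content-type",
}

async def send_csrf_failed(scope, send, message_id, custom_message=None):
    """Send a 403. custom_message(message_id) returns new text, or None for the default."""
    text = custom_message(message_id) if custom_message else None
    if text is None:
        text = DEFAULT_MESSAGES[message_id]
    # text/plain keeps customized text from being rendered as markup by the browser.
    headers = [[b"content-type", b"text/plain; charset=utf-8"]]
    await send({"type": "http.response.start", "status": 403, "headers": headers})
    await send({"type": "http.response.body", "body": text.encode("utf-8")})

def docs_link_message(message_id):
    """Hypothetical customizer: friendlier text plus the documentation link."""
    if message_id is ErrorMessageID.FILE_BEFORE_TOKEN:
        return "Put the csrftoken field before any file inputs. See " + DOCS_URL
    if message_id is not ErrorMessageID.UNKNOWN_CONTENT_TYPE:
        return "CSRF token did not match the cookie. See " + DOCS_URL
    return None  # unknown content-type keeps the default text

def render(message_id, custom_message=None):
    """Drive send_csrf_failed with a constructed scope; return (status, body)."""
    events = []
    async def send(event):
        events.append(event)
    asyncio.run(send_csrf_failed({"type": "http"}, send, message_id, custom_message))
    return events[0]["status"], events[1]["body"].decode("utf-8")
```

The status stays 403 whatever the callback returns, so customization changes only what the user reads and not the outcome of the check.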