Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make CSRF failures less confusing #2390

Closed
simonw opened this issue Aug 14, 2024 · 4 comments
Closed

Make CSRF failures less confusing #2390

simonw opened this issue Aug 14, 2024 · 4 comments
Labels
developer-experience

Comments

@simonw
Copy link
Owner

simonw commented Aug 14, 2024

A CSRF failure currently returns a confusing error message:

form-urlencoded POST field did not match cookie

Would be good if that at least linked to relevant docs https://docs.datasette.io/en/stable/internals.html#csrf-protection - since these errors are most likely during development.

On Discord here: https://discord.com/channels/823971286308356157/823971286941302908/1273347775165235391

Relevant:
@simonw
Copy link
Owner Author

simonw commented Aug 15, 2024

I released asgi-csrf 0.10 with a new feature to enable this: https://github.com/simonw/asgi-csrf/releases/tag/0.10

@simonw
Copy link
Owner Author

simonw commented Aug 15, 2024

New design:

csrf-error

@simonw simonw closed this as completed in 06d4ffb Aug 15, 2024
@simonw simonw mentioned this issue Aug 15, 2024
Closed
3 tasks
@simonw
Copy link
Owner Author

simonw commented Aug 15, 2024

Ooops... looks like this is served without text/html as the content-type!

CleanShot 2024-08-15 at 08 46 37@2x

@simonw simonw reopened this Aug 15, 2024
simonw added a commit that referenced this issue Aug 15, 2024
@simonw
Use text/html for CSRF error page, refs #2390
05dfd34
@simonw
Copy link
Owner Author

simonw commented Aug 15, 2024

Fixed:

csrf-test

@simonw simonw closed this as completed Aug 15, 2024
simonw added a commit that referenced this issue Aug 16, 2024
@simonw
Release 1.0a15
93a5361 
Refs #2296, #2326, #2384, #2386, #2389, #2390, #2393
simonw added a commit that referenced this issue Aug 16, 2024
@simonw
Release 1.0a15
7d8dd2a 
Refs #2296, #2326, #2384, #2386, #2389, #2390, #2393, #2394
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
developer-experience
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@simonw