Implement CSRF protection & error page

2025-12-15 02:13:03 -06:00 · 2022-03-29 16:25:30 -05:00
parent f41b83a15f
commit 311f061b10
3 changed files with 35 additions and 7 deletions
--- a/templates/errors/csrf.html
+++ b/templates/errors/csrf.html
@@ -0,0 +1,19 @@
+{% extends 'layouts/index.html' %}
+
+{% block content %}
+    <div class="content-inner" style="display: flex">
+        <div style="margin: 0 auto;">
+            <h2>400 - Bad CSRF Token</h2>
+            <p>
+                {% if current_user.is_authenticated %}
+                    Sorry <strong>{{ current_user.username }}</strong>, the
+                {% else %}
+                    The
+                {% endif %} form you submitted requires a CSRF token to be valid.
+                <br>
+                This may happen if the form was submitted long after the token was generated, and it has thus expired.
+                <span style="text-align: center">Go <a href="{{ url_for('main.index') }}">home?</a></span>
+            </p>
+        </div>
+    </div>
+{% endblock %}