mirror of
https://github.com/bugsink/bugsink.git
synced 2026-01-04 20:30:30 -06:00
When the CSRF view is rendered, no RequestContext is used. This means the token
used for the logout link on the regular base.html won't work.
> UserWarning: A {% csrf_token %} was used in a template, but the context did not
> provide the value. This is usually caused by not using RequestContext.
20 lines
672 B
HTML
{% extends "bare_base.html" %}
{% comment %}
Note on security: the basic principle is "the more you expose, the more an attacker knows."
In this case, I think it should be fine, because all we expose here is stuff about mismatched hosts, and:

1. this will only happen while your site isn't properly configured yet
2. bugsink recommends a setup with a single host, so this info is literally knowable by looking at the URL bar

{% endcomment %}

{% block title %}403 Forbidden{% endblock %}

{% block content %}
<div class="m-4">
    <h1 class="text-4xl mt-4 font-bold">CSRF verification failed, request aborted</h1>

    <div class="pt-2">{{ reason }}</div>
</div>
{% endblock %}
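
A regression check for the constraint described in the commit message above, as an added example that is not part of the bugsink repository: it walks the `{% extends %}` / `{% include %}` chain of the CSRF failure template and reports every template in that chain that uses `{% csrf_token %}`. The template sources are constructed stand-ins, and the file name `403_csrf.html` and the function name `csrf_token_users` are assumptions.

```python
import re

EXTENDS = re.compile(r'\{%\s*extends\s+["\']([^"\']+)["\']\s*%\}')
INCLUDE = re.compile(r'\{%\s*include\s+["\']([^"\']+)["\']')
CSRF_TAG = re.compile(r'\{%\s*csrf_token\s*%\}')
COMMENT = re.compile(r'\{%\s*comment\b.*?%\}.*?\{%\s*endcomment\s*%\}', re.S)

# Constructed stand-ins for the real templates (assumption: only the parts
# relevant to the check are reproduced here).
TEMPLATES = {
    "base.html": (
        '<form method="post" action="/logout/">{% csrf_token %}'
        '<button>Log out</button></form>\n'
        '{% block content %}{% endblock %}'
    ),
    "bare_base.html": (
        '<title>{% block title %}{% endblock %}</title>\n'
        '{% block content %}{% endblock %}'
    ),
    "403_csrf.html": (
        '{% extends "bare_base.html" %}\n'
        '{% comment %}Note on security ...{% endcomment %}\n'
        '{% block content %}<div>{{ reason }}</div>{% endblock %}'
    ),
}


def csrf_token_users(name, templates, seen=None):
    """Return the templates reachable from `name` that use {% csrf_token %}.

    Conservative: a tag inside a parent block that the child overrides is
    still reported. Tags inside {% comment %} blocks are ignored.
    """
    seen = set() if seen is None else seen
    if name in seen or name not in templates:
        return []
    seen.add(name)
    source = COMMENT.sub("", templates[name])
    hits = [name] if CSRF_TAG.search(source) else []
    for dep in EXTENDS.findall(source) + INCLUDE.findall(source):
        hits += csrf_token_users(dep, templates, seen)
    return hits


if __name__ == "__main__":
    offenders = csrf_token_users("403_csrf.html", TEMPLATES)
    print("templates using csrf_token:", offenders or "none")
```

Run against the real template directory in CI, a non-empty result means the failure page would again depend on a token the context does not provide.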