Closed
Bug 857734
Opened 12 years ago
Closed 11 years ago
write better csrf error page
Categories
(Input :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: willkg, Assigned: joshua-s)
Details
(Whiteboard: u=dev c=general p= s=input.2014q1 [mentor=willkg])
Attachments
(1 file)
The csrf error page is "technical". It'd be better to have one that's more user-friendly.
Comment 1 • 12 years ago (Reporter)
Putting these in my queue for this quarter.
Assignee: nobody → willkg
Whiteboard: u=dev c=general p= s=input.2013q2
Comment 2 • 12 years ago (Reporter)
We want to write a view for handling CSRF failures in the style of the rest of the site and with language that's less technical.
Django documentation for this:
https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_FAILURE_VIEW
For now (unless someone has a better suggestion), make the language something like this:
"""
Your submission failed a security check on our system for cross-site request forgery. There are a few reasons why this might have happened in error. Please make sure you have cookies enabled, press the Back button in your browser, refresh the page, fill out the form, and try submitting it again.
"""
That's not great (e.g. if the suggested fix doesn't work, we don't have any recourse for the user) but it's good enough for now and implementing this gives us a base to work with going forward.
This is a mentored bug. If you're interested in working on it, comment here or ping willkg in #input on irc.freenode.net.
Whiteboard: u=dev c=general p= s=input.2013q2 → u=dev c=general p= s=input.2013q2 [mentor=willkg]
Comment 3 • 12 years ago (Reporter)
Oops--by "irc.freenode.net" I meant "irc.mozilla.org". Doh!
Comment 4 • 12 years ago
(In reply to Will Kahn-Greene [:willkg] from comment #2)
> """
> Your submission failed a security check on our system for cross-site request
> forgery. There are a few reasons why this might have happened in error.
> Please make sure you have cookies enabled, press the Back button in your
> browser, refresh the page, fill out the form, and try submitting it again.
> """
Without bikeshedding too much, I'd avoid the phrase "cross-site request forgery". Very jargon-y.
Comment 5 • 12 years ago (Reporter)
It's definitely jargon-y. I was trying to be specific enough that the user could report the issue to someone and that someone would have enough information to do something. But... it occurs to me this is a csrf failure page, so the context already has this information.
How's this?:
"""
Your submission failed a security check on our system.
There are a few reasons why this might have happened in error.
Please make sure you have cookies enabled, press the Back button in your
browser, refresh the page, fill out the form, and try submitting it again.
"""
Hi,
I wish to work on this bug. Kindly help me and point me in the direction where I should start looking to begin work.
Thanks!!
Best Regards,
Rajul
Comment 7 • 12 years ago
Rajul will be working on this and I'll help.
Assignee: willkg → rajul.iitkgp
Whiteboard: u=dev c=general p= s=input.2013q2 [mentor=willkg] → u=dev c=general p= s=input.2013q2 [mentor=r1cky]
Comment 8 • 12 years ago (Reporter)
Rajul: How're you doing with this?
Hi Will,
I am actually slightly busy right now and have not yet got a chance to take a look at this properly. I shall be free this Friday onwards and will take a deeper look then.
Cheers!!
Best Regards,
Rajul
Updated • 12 years ago (Reporter)
Whiteboard: u=dev c=general p= s=input.2013q2 [mentor=r1cky] → u=dev c=general p= s=input.2013q3 [mentor=r1cky]
Comment 10 • 12 years ago (Reporter)
2013q3 is over and this doesn't need to get done for 2013q4, so I'm bumping it out of the sprint.
Rajul: If you don't think you're going to get to this in October, then we should unassign it from you. At some point when you have more time and if this is still around, you could pick it up again. Let me know where things are at.
Whiteboard: u=dev c=general p= s=input.2013q3 [mentor=r1cky] → u=dev c=general p= s= [mentor=r1cky]
Comment 11 • 11 years ago (Reporter)
I'm changing the mentor to me.
Given we haven't heard from Rajul in a long time, I'm unassigning it and making it available to others again.
Assignee: rajul.iitkgp → nobody
Whiteboard: u=dev c=general p= s= [mentor=r1cky] → u=dev c=general p= s= [mentor=willkg]
Comment 12 • 11 years ago (Assignee)
Attachment #8381678 -
Flags: review?(willkg)
Updated • 11 years ago (Assignee)
Assignee: nobody → joshua-smith
Comment 13 • 11 years ago (Reporter)
Comment 14 • 11 years ago (Reporter)
Landed in master in https://github.com/mozilla/fjord/commit/c4f8091
Pushed to production just now.
Thank you!
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated • 11 years ago (Reporter)
Whiteboard: u=dev c=general p= s= [mentor=willkg] → u=dev c=general p= s=input.2014q1 [mentor=willkg]
Updated • 11 years ago (Assignee)
Attachment #8381678 -
Flags: review?(willkg) → review+