write better csrf error page

RESOLVED FIXED

Status

Input
General
5 years ago

People

(Reporter: willkg, Assigned: joshua)

Details

(Whiteboard: u=dev c=general p= s=input.2014q1 [mentor=willkg])

Attachments

(1 attachment)

The csrf error page is "technical". It'd be better to have one that's more user-friendly.
Putting these in my queue for this quarter.
Assignee: nobody → willkg
Whiteboard: u=dev c=general p= s=input.2013q2
We want to write a view for handling CSRF failures in the style of the rest of the site and with language that's less technical.

Django documentation for this:

https://docs.djangoproject.com/en/dev/ref/contrib/csrf/

https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_FAILURE_VIEW

For now (unless someone has a better suggestion), make the language something like this:

"""
Your submission failed a security check on our system for cross-site request forgery. There are a few reasons why this might have happened in error. Please make sure you have cookies enabled, press the Back button in your browser, refresh the page, fill out the form, and try submitting it again.
"""

That's not great (e.g. if the suggested fix doesn't work, we don't have any recourse for the user) but it's good enough for now and implementing this gives us a base to work with going forward.

This is a mentored bug. If you're interested in working on it, comment here or ping willkg in #input on irc.freenode.net.
Whiteboard: u=dev c=general p= s=input.2013q2 → u=dev c=general p= s=input.2013q2 [mentor=willkg]
Oops--by "irc.freenode.net" I meant "irc.mozilla.org". Doh!
(In reply to Will Kahn-Greene [:willkg] from comment #2)
> """
> Your submission failed a security check on our system for cross-site request
> forgery. There are a few reasons why this might have happened in error.
> Please make sure you have cookies enabled, press the Back button in your
> browser, refresh the page, fill out the form, and try submitting it again.
> """

Without bikeshedding too much, I'd avoid the phrase "cross-site request forgery". Very jargon-y.
It's definitely jargon-y. I was trying to be specific enough that the user could report the issue to someone and that someone would have enough information to do something. But... it occurs to me this is a csrf failure page, so the context already has this information.

How's this?:

"""
Your submission failed a security check on our system.
There are a few reasons why this might have happened in error.
Please make sure you have cookies enabled, press the Back button in your
browser, refresh the page, fill out the form, and try submitting it again.
"""

Comment 6

5 years ago
Hi,

I wish to work on this bug. Kindly help me and point me to where I should start looking to start work.

Thanks!!

Best Regards,
Rajul
Rajul will be working on this and I'll help.
Assignee: willkg → rajul.iitkgp
Whiteboard: u=dev c=general p= s=input.2013q2 [mentor=willkg] → u=dev c=general p= s=input.2013q2 [mentor=r1cky]
Rajul: How're you doing with this?

Comment 9

5 years ago
Hi Will,

I am actually slightly busy right now and have not yet got a chance to take a look at this properly. I shall be free this Friday onwards and will take a deeper look then.

Cheers!!

Best Regards,
Rajul
Whiteboard: u=dev c=general p= s=input.2013q2 [mentor=r1cky] → u=dev c=general p= s=input.2013q3 [mentor=r1cky]
2013q3 is over and this doesn't need to get done for 2013q4, so I'm bumping it out of the sprint.

Rajul: If you don't think you're going to get to this in October, then we should unassign it from you. At some point when you have more time and if this is still around, you could pick it up again. Let me know where things are at.
Whiteboard: u=dev c=general p= s=input.2013q3 [mentor=r1cky] → u=dev c=general p= s= [mentor=r1cky]
I'm changing the mentor to me.

Given we haven't heard from Rajul in a long time, I'm unassigning it and making it available to others again.
Assignee: rajul.iitkgp → nobody
Whiteboard: u=dev c=general p= s= [mentor=r1cky] → u=dev c=general p= s= [mentor=willkg]

Comment 12

5 years ago
Created attachment 8381678
Pull on GitHub
Attachment #8381678 - Flags: review?(willkg)

Updated

5 years ago
Assignee: nobody → joshua-smith
Landed in master in https://github.com/mozilla/fjord/commit/c4f8091

Pushed to production just now.

Thank you!
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Whiteboard: u=dev c=general p= s= [mentor=willkg] → u=dev c=general p= s=input.2014q1 [mentor=willkg]

Updated

5 years ago
Attachment #8381678 - Flags: review?(willkg) → review+