Add specific view for handling CSRF failures
authorMagnus Hagander <magnus@hagander.net>
Wed, 7 Nov 2012 19:57:22 +0000 (20:57 +0100)
committerMagnus Hagander <magnus@hagander.net>
Wed, 7 Nov 2012 19:57:22 +0000 (20:57 +0100)
This generates the error in a bit nicer way inside our framework,
instead of throwing the default django error.

pgweb/core/views.py
pgweb/settings.py
templates/errors/csrf_failure.html [new file with mode: 0644]

index e78ffeb9d6e4e944a9a7ab6ec13102488bf96664..3118e7f8e05498f4197577003684dff516e473b8 100644 (file)
@@ -12,7 +12,7 @@ from os import uname
 import re
 import urllib
 
-from pgweb.util.decorators import ssl_required, cache
+from pgweb.util.decorators import ssl_required, cache, nocache
 from pgweb.util.contexts import NavContext
 from pgweb.util.helpers import simple_form, PgXmlHelper, HttpServerError
 from pgweb.util.moderation import get_all_pending_moderations
@@ -149,6 +149,12 @@ def sitemap(request):
        x.endDocument()
        return resp
 
+@nocache
+def csrf_failure(request, reason=''):
+       return render_to_response('errors/csrf_failure.html', {
+                       'reason': reason,
+                       })
+
 # Basic information about the connection
 @cache(seconds=30)
 def system_information(request):
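Review bot: The new `csrf_failure` view answers with status 200, because `render_to_response` builds an ordinary `HttpResponse`, whereas Django's built-in CSRF failure view returns 403 Forbidden. A rejected request that reports success is harder to pick out in access logs and monitoring, and scripted clients cannot tell that the submission was refused. Set the status before returning: `resp = render_to_response('errors/csrf_failure.html', {'reason': reason})`, `resp.status_code = 403`, `return resp`. The template extends `base/page.html` but no request context is passed here, so it is worth confirming that the base page renders correctly without one.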
index 0742d08626c44fa17485375c6c40489a96539abf..1596d6bdd07ea76a101fbb2fa06cbf9b3c7ea508 100644 (file)
@@ -65,6 +65,8 @@ MIDDLEWARE_CLASSES = [
     'util.middleware.PgMiddleware',
 ]
 
+CSRF_FAILURE_VIEW='pgweb.core.views.csrf_failure'
+
 ROOT_URLCONF = 'pgweb.urls'
 
 TEMPLATE_DIRS = (
diff --git a/templates/errors/csrf_failure.html b/templates/errors/csrf_failure.html
new file mode 100644 (file)
index 0000000..3bca6aa
--- /dev/null
@@ -0,0 +1,19 @@
+{%extends "base/page.html"%}
+{%block title%}Cross Site Request Detected{%endblock%}
+{%block contents%}
+<h1>Cross Site Request Detected</h1>
+<p>
+Your request to access this resource failed because the system detected
+a Cross Site Request. This is either caused by a legitimiate attempt to
+inject data, or by your system not being configured to allow validation
+of the request.
+</p>
+<p>
+The most common reason for tihs error is that your browser
+<b>does not allow cookies</b> on this request. Cookies are required for the
+cross site protection to work.
+</p>
+<p>
+The internal reason given was: <i>{{reason}}</i>
+</p>
+{%endblock%}
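Review bot: The first paragraph's "caused by a legitimiate attempt to inject data" is misspelled and ambiguous for a user who is reading an error page. Wording such as `This is caused either by an actual cross-site request trying to submit data, or by your system not being configured to allow validation of the request.` would be clearer. "tihs" in the second paragraph should be `this`. `{{reason}}` is acceptable as written because Django autoescapes template variables by default; it should stay that way and not gain a `|safe` filter, since the value comes from the CSRF middleware rather than from this template.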