Add meaningful message on CSRF failure
This commit is contained in:
parent
ca16e6ec0a
commit
364be66f17
|
|
@ -106,6 +106,32 @@ apps_mfa_bypass = [
|
|||
"""App namespaces that bypass MFA enforcement - normal security model is still enforced."""
|
||||
|
||||
|
||||
def csrf_failure(request, reason=''):
|
||||
"""Custom CSRF failure handler.
|
||||
|
||||
Returns a JSON response for API/headless requests so the frontend can
|
||||
provide a meaningful error message to the user
|
||||
"""
|
||||
from django.views.csrf import csrf_failure as django_default
|
||||
|
||||
if (
|
||||
request.path.startswith('/_allauth/')
|
||||
or request.path.startswith('/api/')
|
||||
or 'application/json' in request.headers.get('Accept', '')
|
||||
or 'application/json' in request.headers.get('Content-Type', '')
|
||||
):
|
||||
return JsonResponse(
|
||||
{
|
||||
'detail': _(
|
||||
'CSRF verification failed. Ensure INVENTREE_SITE_URL and INVENTREE_TRUSTED_ORIGINS are configured correctly.'
|
||||
)
|
||||
},
|
||||
status=403,
|
||||
)
|
||||
|
||||
return django_default(request, reason=reason)
|
||||
|
||||
|
||||
class AuthRequiredMiddleware:
|
||||
"""Check for user to be authenticated."""
|
||||
|
||||
|
|
|
|||
|
|
@ -131,7 +131,9 @@ export async function doBasicLogin(
|
|||
default:
|
||||
notifications.show({
|
||||
title: `${t`Login failed`} (${err.response.status})`,
|
||||
message: t`Check your input and try again.`,
|
||||
message:
|
||||
err.response?.data?.detail ??
|
||||
t`Check your input and try again.`,
|
||||
id: 'auth-login-error',
|
||||
color: 'red'
|
||||
});
|
||||
|
|
|
|||
Loading…
Reference in New Issue