diff options
| author | Bouke Haarsma <bouke@webatoom.nl> | 2013-11-02 09:30:39 +0100 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2013-11-02 11:22:30 +0100 |
| commit | 61074353864293d3ea51e51e09cf4deedee12963 (patch) | |
| tree | 190b539659fe77a3d4700222ba0e703f0e90ab56 /django | |
| parent | 090315f5dfb9b0a6539daaec6cb88ad93e6e77af (diff) | |
Fixed #21324 -- Translate CSRF failure view
Thanks to Claude Paroz for the original patch.
Diffstat (limited to 'django')
| -rw-r--r-- | django/middleware/csrf.py | 5 | ||||
| -rw-r--r-- | django/views/csrf.py | 45 |
2 files changed, 31 insertions, 19 deletions
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py index 1089153538..46b1891615 100644 --- a/django/middleware/csrf.py +++ b/django/middleware/csrf.py @@ -92,8 +92,7 @@ class CsrfViewMiddleware(object): return None def _reject(self, request, reason): - logger.warning('Forbidden (%s): %s', - reason, request.path, + logger.warning('Forbidden (%s): %s', reason, request.path, extra={ 'status_code': 403, 'request': request, @@ -184,7 +183,7 @@ class CsrfViewMiddleware(object): return response # If CSRF_COOKIE is unset, then CsrfViewMiddleware.process_view was - # never called, probaby because a request middleware returned a response + # never called, probably because a request middleware returned a response # (for example, contrib.auth redirecting to a login page). if request.META.get("CSRF_COOKIE") is None: return response diff --git a/django/views/csrf.py b/django/views/csrf.py index c95d19d56d..f942917e4b 100644 --- a/django/views/csrf.py +++ b/django/views/csrf.py @@ -1,11 +1,16 @@ +from django.conf import settings from django.http import HttpResponseForbidden from django.template import Context, Template -from django.conf import settings +from django.utils.translation import ugettext as _ # We include the template inline since we need to be able to reliably display # this error message, especially for the sake of developers, and there isn't any # other way of making it available independent of what is in the settings file. +# Only the text appearing with DEBUG=False is translated. Normal translation +# tags cannot be used with this inline templates as makemessages would not be +# able to discover the strings. + CSRF_FAILURE_TEMPLATE = """ <!DOCTYPE html> <html lang="en"> @@ -30,17 +35,11 @@ CSRF_FAILURE_TEMPLATE = """ </head> <body> <div id="summary"> - <h1>Forbidden <span>(403)</span></h1> - <p>CSRF verification failed. Request aborted.</p> + <h1>{{ title }} <span>(403)</span></h1> + <p>{{ main }}</p> {% if no_referer %} - <p>You are seeing this message because this HTTPS site requires a 'Referer - header' to be sent by your Web browser, but none was sent. This header is - required for security reasons, to ensure that your browser is not being - hijacked by third parties.</p> - - <p>If you have configured your browser to disable 'Referer' headers, please - re-enable them, at least for this site, or for HTTPS connections, or for - 'same-origin' requests.</p> + <p>{{ no_referer1 }}</p> + <p>{{ no_referer2 }}</p> {% endif %} </div> {% if DEBUG %} @@ -84,21 +83,35 @@ CSRF_FAILURE_TEMPLATE = """ </div> {% else %} <div id="explanation"> - <p><small>More information is available with DEBUG=True.</small></p> + <p><small>{{ more }}</small></p> </div> {% endif %} </body> </html> """ + def csrf_failure(request, reason=""): """ Default view used when request fails CSRF protection """ from django.middleware.csrf import REASON_NO_REFERER t = Template(CSRF_FAILURE_TEMPLATE) - c = Context({'DEBUG': settings.DEBUG, - 'reason': reason, - 'no_referer': reason == REASON_NO_REFERER - }) + c = Context({ + 'title': _("Forbidden"), + 'main': _("CSRF verification failed. Request aborted."), + 'reason': reason, + 'no_referer': reason == REASON_NO_REFERER, + 'no_referer1': _( + "You are seeing this message because this HTTPS site requires a " + "'Referer header' to be sent by your Web browser, but none was " + "sent. This header is required for security reasons, to ensure " + "that your browser is not being hijacked by third parties."), + 'no_referer2': _( + "If you have configured your browser to disable 'Referer' headers, " + "please re-enable them, at least for this site, or for HTTPS " + "connections, or for 'same-origin' requests."), + 'DEBUG': settings.DEBUG, + 'more': _("More information is available with DEBUG=True."), + }) return HttpResponseForbidden(t.render(c), content_type='text/html') |
