6 years ago · 2b370a9450
--- a/misago/core/errorpages.py
+++ b/misago/core/errorpages.py
@@ -107,11 +107,17 @@ def social_auth_failed(request, exception):
 
				 @admin_csrf_failure
			
 
				 def csrf_failure(request, reason=""):
			
 
				     if request.is_ajax():
			
 
				-        return _ajax_error(403, _("Request authentication is invalid."))
			
 
				+        return JsonResponse(
			
 
				+            {
			
 
				+                "detail": _(
			
 
				+                    "Your request was rejected because your browser didn't "
			
 
				+                    "send the CSRF cookie, or the cookie sent was invalid."
			
 
				+                )
			
 
				+            },
			
 
				+            status=403,
			
 
				+        )
			
 
				 
			
 
				-    response = render(request, "misago/errorpages/csrf_failure.html")
			
 
				-    response.status_code = 403
			
 
				-    return response
			
 
				+    return render(request, "misago/errorpages/csrf_failure.html", status=403)
			
 
				 
			
 
				 
			
 
				 def not_allowed(request):
			
--- a/misago/core/tests/test_errorpages.py
+++ b/misago/core/tests/test_errorpages.py
@@ -13,12 +13,22 @@ from ..utils import encode_json_html
 
				 
			
 
				 
			
 
				 class CSRFErrorViewTests(TestCase):
			
 
				-    def test_csrf_failure(self):
			
 
				+    def test_csrf_failure_is_handled(self):
			
 
				         """csrf_failure error page has no show-stoppers"""
			
 
				         csrf_client = Client(enforce_csrf_checks=True)
			
 
				         response = csrf_client.post(reverse("misago:index"), data={"eric": "fish"})
			
 
				         self.assertContains(response, "Request blocked", status_code=403)
			
 
				 
			
 
				+    def test_ajax_csrf_failure_is_handled(self):
			
 
				+        """csrf_failure error ajax response has no show-stoppers"""
			
 
				+        csrf_client = Client(enforce_csrf_checks=True)
			
 
				+        response = csrf_client.post(
			
 
				+            reverse("misago:api:auth"),
			
 
				+            data={"eric": "fish"},
			
 
				+            HTTP_X_REQUESTED_WITH="XMLHttpRequest",
			
 
				+        )
			
 
				+        self.assertContains(response, "CSRF cookie", status_code=403)
			
 
				+
			
 
				 
			
 
				 @override_settings(ROOT_URLCONF="misago.core.testproject.urls")
			
 
				 class ErrorPageViewsTests(TestCase):
			
--- a/misago/templates/misago/admin/errorpages/csrf_failure_message.html
+++ b/misago/templates/misago/admin/errorpages/csrf_failure_message.html
@@ -1,6 +1,6 @@
 
				 {% load i18n %}
			
 
				 <p>
			
 
				-  {% trans "Your form submission was rejected because you've browser didn't send the CSRF cookie, or the cookie sent was invalid." %}
			
 
				+  {% trans "Your form submission was rejected because your browser didn't send the CSRF cookie, or the cookie sent was invalid." %}
			
 
				 </p>
			
 
				 <p>
			
 
				   {% trans "This is usually a result of one of following problems:" %}