Respect language headers on error 400/404/500 pages

Raphael Michel
2022-01-25 16:58:52 +01:00
parent 13a86fc6f3
commit 73ab962e16


@@ -30,67 +30,85 @@ from django.utils.translation import gettext as _
from django.views.decorators.csrf import requires_csrf_token from django.views.decorators.csrf import requires_csrf_token
from sentry_sdk import last_event_id from sentry_sdk import last_event_id
from pretix.base.i18n import language
from pretix.base.middleware import get_language_from_request
def csrf_failure(request, reason=""): def csrf_failure(request, reason=""):
t = get_template('csrffail.html') try:
c = { locale = get_language_from_request(request)
'reason': reason, except:
'no_referer': reason == REASON_NO_REFERER, locale = "en"
'no_referer1': _( with language(locale): # Middleware might not have run, need to do this manually
"You are seeing this message because this HTTPS site requires a " t = get_template('csrffail.html')
"'Referer header' to be sent by your Web browser, but none was " c = {
"sent. This header is required for security reasons, to ensure " 'reason': reason,
"that your browser is not being hijacked by third parties."), 'no_referer': reason == REASON_NO_REFERER,
'no_referer2': _( 'no_referer1': _(
"If you have configured your browser to disable 'Referer' headers, " "You are seeing this message because this HTTPS site requires a "
"please re-enable them, at least for this site, or for HTTPS " "'Referer header' to be sent by your Web browser, but none was "
"connections, or for 'same-origin' requests."), "sent. This header is required for security reasons, to ensure "
'no_cookie': reason == REASON_NO_CSRF_COOKIE, "that your browser is not being hijacked by third parties."),
'no_cookie1': _( 'no_referer2': _(
"You are seeing this message because this site requires a CSRF " "If you have configured your browser to disable 'Referer' headers, "
"cookie when submitting forms. This cookie is required for " "please re-enable them, at least for this site, or for HTTPS "
"security reasons, to ensure that your browser is not being " "connections, or for 'same-origin' requests."),
"hijacked by third parties."), 'no_cookie': reason == REASON_NO_CSRF_COOKIE,
'no_cookie2': _( 'no_cookie1': _(
"If you have configured your browser to disable cookies, please " "You are seeing this message because this site requires a CSRF "
"re-enable them, at least for this site, or for 'same-origin' " "cookie when submitting forms. This cookie is required for "
"requests."), "security reasons, to ensure that your browser is not being "
} "hijacked by third parties."),
return HttpResponseForbidden(t.render(c), content_type='text/html') 'no_cookie2': _(
"If you have configured your browser to disable cookies, please "
"re-enable them, at least for this site, or for 'same-origin' "
"requests."),
}
return HttpResponseForbidden(t.render(c), content_type='text/html')
@requires_csrf_token @requires_csrf_token
def page_not_found(request, exception): def page_not_found(request, exception):
exception_repr = exception.__class__.__name__
# Try to get an "interesting" exception message, if any (and not the ugly
# Resolver404 dictionary)
try: try:
message = exception.args[0] locale = get_language_from_request(request)
except (AttributeError, IndexError): except:
pass locale = "en"
else: with language(locale): # Middleware might not have run, need to do this manually
if isinstance(message, (str, Promise)): exception_repr = exception.__class__.__name__
exception_repr = str(message) # Try to get an "interesting" exception message, if any (and not the ugly
context = { # Resolver404 dictionary)
'request_path': request.path, try:
'exception': exception_repr, message = exception.args[0]
} except (AttributeError, IndexError):
template = get_template('404.html') pass
body = template.render(context, request) else:
r = HttpResponseNotFound(body) if isinstance(message, (str, Promise)):
r.xframe_options_exempt = True exception_repr = str(message)
return r context = {
'request_path': request.path,
'exception': exception_repr,
}
template = get_template('404.html')
body = template.render(context, request)
r = HttpResponseNotFound(body)
r.xframe_options_exempt = True
return r
@requires_csrf_token @requires_csrf_token
def server_error(request): def server_error(request):
try: try:
template = loader.get_template('500.html') locale = get_language_from_request(request)
except TemplateDoesNotExist: except:
return HttpResponseServerError('<h1>Server Error (500)</h1>', content_type='text/html') locale = "en"
r = HttpResponseServerError(template.render({ with language(locale): # Middleware might not have run, need to do this manually
'request': request, try:
'sentry_event_id': last_event_id(), template = loader.get_template('500.html')
})) except TemplateDoesNotExist:
r.xframe_options_exempt = True return HttpResponseServerError('<h1>Server Error (500)</h1>', content_type='text/html')
return r r = HttpResponseServerError(template.render({
'request': request,
'sentry_event_id': last_event_id(),
}))
r.xframe_options_exempt = True
return r
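Review bot: The new `try: locale = get_language_from_request(request)` blocks in `csrf_failure`, `page_not_found` and `server_error` all use a bare `except:`, which also swallows `SystemExit` and `KeyboardInterrupt` and hides any real bug in language detection. Using `except Exception:` keeps the fallback to `"en"` without that side effect. The locale comes from request headers the client controls, and `with language(locale):` sits outside the `try`, so it is worth confirming that `language()` cannot raise on an unexpected value; if it can, the error page itself would fail, which matters most in the 500 handler. The same lookup-and-fallback lines are repeated in all three views and would be easier to audit as one small helper that returns the locale.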