forked from CGM_Public/pretix_original
34 lines
1.6 KiB
Python
34 lines
1.6 KiB
Python
from django.http import HttpResponseForbidden
|
|
from django.middleware.csrf import REASON_NO_CSRF_COOKIE, REASON_NO_REFERER
|
|
from django.template import Context
|
|
from django.template.loader import get_template
|
|
from django.utils.translation import ugettext as _
|
|
|
|
|
|
def csrf_failure(request, reason=""):
|
|
t = get_template('csrffail.html')
|
|
c = Context({
|
|
'reason': reason,
|
|
'no_referer': reason == REASON_NO_REFERER,
|
|
'no_referer1': _(
|
|
"You are seeing this message because this HTTPS site requires a "
|
|
"'Referer header' to be sent by your Web browser, but none was "
|
|
"sent. This header is required for security reasons, to ensure "
|
|
"that your browser is not being hijacked by third parties."),
|
|
'no_referer2': _(
|
|
"If you have configured your browser to disable 'Referer' headers, "
|
|
"please re-enable them, at least for this site, or for HTTPS "
|
|
"connections, or for 'same-origin' requests."),
|
|
'no_cookie': reason == REASON_NO_CSRF_COOKIE,
|
|
'no_cookie1': _(
|
|
"You are seeing this message because this site requires a CSRF "
|
|
"cookie when submitting forms. This cookie is required for "
|
|
"security reasons, to ensure that your browser is not being "
|
|
"hijacked by third parties."),
|
|
'no_cookie2': _(
|
|
"If you have configured your browser to disable cookies, please "
|
|
"re-enable them, at least for this site, or for 'same-origin' "
|
|
"requests."),
|
|
})
|
|
return HttpResponseForbidden(t.render(c), content_type='text/html')
|