Showing details for patch 6f64dd894d7d5db173d1ddc9f0cefed6f71f867a.
diff -rN -u old-smederee/modules/hub/src/main/resources/messages.properties new-smederee/modules/hub/src/main/resources/messages.properties
--- old-smederee/modules/hub/src/main/resources/messages.properties 2025-01-15 15:58:17.699606129 +0000
+++ new-smederee/modules/hub/src/main/resources/messages.properties 2025-01-15 15:58:17.699606129 +0000
@@ -11,6 +11,8 @@
 # error.forbidden.title, error.forbidden.message.
 #
 errors.account.not-validated=Sorry, but your account has not been validated and is therefore not allowed to perform the desired action. Please validate your account. You can do so on the settings page.
+errors.csrf-failed.title=403 - CSRF check failed!
+errors.csrf-failed.message=The request triggered the Cross-Site-Request-Forgery protection. In some circumstances this can be triggered accidently, to resume normal operations it is advised to delete the cookies that are stored by your web browser for this website.
 errors.forbidden.title=403 - Forbidden
 errors.internal-server-error.title=500 - Internal Server Error
 errors.internal-server-error.message=An error occured while processing the request.
diff -rN -u old-smederee/modules/hub/src/main/scala/de/smederee/hub/HubServer.scala new-smederee/modules/hub/src/main/scala/de/smederee/hub/HubServer.scala
--- old-smederee/modules/hub/src/main/scala/de/smederee/hub/HubServer.scala 2025-01-15 15:58:17.699606129 +0000
+++ new-smederee/modules/hub/src/main/scala/de/smederee/hub/HubServer.scala 2025-01-15 15:58:17.703606146 +0000
@@ -29,7 +29,6 @@
 import com.typesafe.config._
 import de.smederee.darcs._
 import de.smederee.email.{ EmailAddress, SimpleJavaMailMiddleware }
-import de.smederee.html.LinkTools._
 import de.smederee.html._
 import de.smederee.hub.config._
 import de.smederee.security._
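Review bot: The new `errors.csrf-failed.message` value misspells "accidentally" as "accidently" and joins two sentences with a comma; since this string is shown verbatim on the 403 page it is worth fixing before it ships. Suggested wording: `errors.csrf-failed.message=The request triggered the Cross-Site-Request-Forgery protection. In some circumstances this can happen accidentally; to resume normal operation, delete the cookies your web browser has stored for this website and try again.` The advice to clear cookies is only needed while the server leaves the stale CSRF cookie in place; if the failure handler in HubServer.scala is changed to drop that cookie itself, this sentence can be reduced to "reload the page and try again".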
@@ -399,9 +398,9 @@
 .withCSRFCheck(CSRF.checkCSRFinHeaderAndForm[IO, IO](Constants.csrfCookieName.toString, FunctionK.id))
 .withOnFailure(
 Response[IO](
- headers = Headers(List(headers.Location(hubConfiguration.service.external.createFullUri(uri"/")))),
- status = Status.SeeOther
- ).removeCookie(Constants.csrfCookieName.toString)
+ Status.Forbidden,
+ entity = Entity.utf8String(de.smederee.hub.views.html.errors.csrfFailed().body)
+ )
 )
 .build
 signAndValidate = SignAndValidate(hubConfiguration.service.authentication.cookieSecret)
diff -rN -u old-smederee/modules/hub/src/main/twirl/de/smederee/hub/views/errors/csrfFailed.scala.html new-smederee/modules/hub/src/main/twirl/de/smederee/hub/views/errors/csrfFailed.scala.html
--- old-smederee/modules/hub/src/main/twirl/de/smederee/hub/views/errors/csrfFailed.scala.html 1970-01-01 00:00:00.000000000 +0000
+++ new-smederee/modules/hub/src/main/twirl/de/smederee/hub/views/errors/csrfFailed.scala.html 2025-01-15 15:58:17.703606146 +0000
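Review bot: The new 403 response drops the `.removeCookie(Constants.csrfCookieName.toString)` that the replaced redirect carried, so a stale or mismatched CSRF cookie now survives the failure and every following form submission fails the same way until the user clears cookies by hand, which is exactly what the new error message has to tell them. Keeping the removal on the new response, `).removeCookie(Constants.csrfCookieName.toString)`, lets the middleware hand out a fresh token on the next request instead, unless there is a reason the cookie must survive that the commit does not state. If I read http4s correctly, building `Response[IO](Status.Forbidden, entity = Entity.utf8String(...))` also sets no `Content-Type`, so the HTML body goes out untyped and browsers fall back to sniffing; set a `text/html; charset=UTF-8` content type on it (http4s `withContentType`) or produce the entity through the same `Html` EntityEncoder the other handlers use. `csrfFailed()` is rendered with its default `lang`, so the page is always English regardless of the request's language; the builder chain this hunk edits starts before and continues after the hunk.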
@@ -0,0 +1,21 @@
+@import de.smederee.hub._
+@import de.smederee.hub.views.html._
+
+@(baseUri: Uri = Uri(path = Uri.Path.Root), lang: LanguageCode = LanguageCode("en"), tags: MetaTags = MetaTags.default)
+@defining(lang.toLocale) { implicit locale =>
+<!DOCTYPE html>
+<html lang="@lang">
+<head>
+ <meta charset="UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ @meta(tags)
+ <title>@Messages("errors.csrf-failed.title")</title>
+</head>
+<body>
+ <error>
+ <h1>@Messages("errors.csrf-failed.title")</h1>
+ <p>@Messages("errors.csrf-failed.message")</p>
+ </error>
+</body>
+</html>
+}
diff -rN -u old-smederee/modules/hub/src/main/twirl/de/smederee/hub/views/main.scala.html new-smederee/modules/hub/src/main/twirl/de/smederee/hub/views/main.scala.html
--- old-smederee/modules/hub/src/main/twirl/de/smederee/hub/views/main.scala.html 2025-01-15 15:58:17.699606129 +0000
+++ new-smederee/modules/hub/src/main/twirl/de/smederee/hub/views/main.scala.html 2025-01-15 15:58:17.703606146 +0000
@@ -2,7 +2,7 @@
 @(baseUri: Uri = Uri(path = Uri.Path.Root),
 lang: LanguageCode = LanguageCode("en"),
- tags: MetaTags = MetaTags.empty
+ tags: MetaTags = MetaTags.default
 )(customFooters: Html = Html(""),
 customHeaders: Html = Html("")
 )(csrf: Option[CsrfToken],
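Review bot: The template declares `baseUri` but never uses it, and it leaves the user with no way back after the 403 other than editing the address bar; a link to the start page, `<p><a href="@baseUri">@Messages("errors.csrf-failed.back")</a></p>` (with a matching key in messages.properties), would pair naturally with the "clear your cookies" advice. `<error>` is not an HTML element; if the site's stylesheet targets it this is deliberate, otherwise `<main>` or `<section class="error">` is the conventional choice. Unlike pages rendered through `main.scala.html`, this one is standalone with no shared header or footer, presumably because the failure handler runs before any session or user data `main` needs is available; a one-line comment at the top of the template stating that would stop the next reader from wiring it into `main`. The `@Messages(...)` values are Twirl-escaped, so embedding properties-file text here is safe as written.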