diff roundup/cgi/client.py @ 5846:fd015c4c6c23

Fix microcopy for CSRF validation failure. Remove display of bad token, I mean what is the user going to do with it? Details are logged so no info is lost. Make verbiage more user friendly. Suggest re-entering unsaved data and trying again.
author John Rouillard <rouilj@ieee.org>
date Mon, 15 Jul 2019 20:41:24 -0400
parents 883c9e90b403
children 26cd8e8bbed3
--- a/roundup/cgi/client.py	Sat Jul 13 09:53:11 2019 -0400
+++ b/roundup/cgi/client.py	Mon Jul 15 20:41:24 2019 -0400
@@ -1304,7 +1304,7 @@
                 logger.error(
                     self._("Csrf mismatch user: current user %s != stored user %s, current session, stored session: %s,%s for key %s."),
                     current_user, nonce_user, current_session, nonce_session, key)
-                raise UsageError(self._("Invalid csrf token found: %s")%key)
+                raise UsageError(self._("We can't validate your session (csrf failure). Re-enter any unsaved data and try again."))
             elif enforce == 'logfailure':
                 logger.warning(
                     self._("logged only: Csrf mismatch user: current user %s != stored user %s, current session, stored session: %s,%s for key %s."),
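Review bot: With the key no longer shown to the user, the `logger.error` call just above the new `raise` is the only record of the failure, and it writes `current_session`, `nonce_session` and `key` in full. If those are live session identifiers (their assignment is outside the hunk), anyone with read access to the log can see them; logging a truncated or hashed form would keep the lines correlatable without storing the raw values. The log text is also passed through `self._()`, so it presumably follows the active translation, which makes alerting on a fixed string such as "Csrf mismatch" less reliable; an untranslated log message would be steadier. The same applies to the session-mismatch `logger.error` in the hunk at -1314, and the enclosing method starts and ends outside both hunks.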
@@ -1314,7 +1314,7 @@
                 logger.error(
                     self._("Csrf mismatch user: current session %s != stored session %s, current user/stored user is: %s for key %s."),
                     current_session, nonce_session, current_user, key)
-                raise UsageError(self._("Invalid csrf session found: %s")%key)
+                raise UsageError(self._("We can't validate your session (csrf failure). Re-enter any unsaved data and try again."))
             elif enforce == 'logfailure':
                     logger.warning(
                         self._("logged only: Csrf mismatch user: current session %s != stored session %s, current user/stored user is: %s for key %s."),
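Review bot: The new `raise UsageError(...)` here repeats the literal from the user-mismatch branch in the previous hunk, so a later wording change can easily update one copy and miss the other. Binding it once before the checks, e.g. `csrf_failure_msg = self._("We can't validate your session (csrf failure). Re-enter any unsaved data and try again.")`, and using `raise UsageError(csrf_failure_msg)` in both branches keeps them identical. A one-line comment such as `# token deliberately not echoed to the user; details are in the log` would record why `% key` was dropped. The enclosing method continues outside the hunk, so other branches may carry the same message.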
