From 04189519281fe844690308b7507c442667a9fd00 Mon Sep 17 00:00:00 2001
From: nai-degen <khoners@protonmail.com>
Date: Tue, 21 May 2024 13:10:54 -0500
Subject: [PATCH] tries to provide better guidance on CSRF errors

---
 src/user/routes.ts                | 7 ++++++-
 src/user/web/views/user_error.ejs | 5 ++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/user/routes.ts b/src/user/routes.ts
index 891e686..b3c143a 100644
--- a/src/user/routes.ts
+++ b/src/user/routes.ts
@@ -34,7 +34,12 @@ userRouter.use(
     const data: any = { message: err.message, stack: err.stack, status: 500 };
 
     if (req.accepts("json", "html") === "json") {
-      return res.status(500).json({ error: err.message });
+      const isCsrfError = err.message === "invalid csrf token";
+      const message = isCsrfError
+        ? "CSRF token mismatch; try refreshing the page"
+        : err.message;
+
+      return res.status(500).json({ error: message });
     } else {
       return res.status(500).render("user_error", { ...data, flash: null });
     }
diff --git a/src/user/web/views/user_error.ejs b/src/user/web/views/user_error.ejs
index 3db82c4..f2b8186 100644
--- a/src/user/web/views/user_error.ejs
+++ b/src/user/web/views/user_error.ejs
@@ -1,8 +1,11 @@
 <%- include("partials/shared_header", { title: "Error" }) %>
     <div id="error-content" style="color: red; background-color: #eedddd; padding: 1em">
       <p><strong>⚠️ Error <%= status %>:</strong> <%= message %></p>
+      <% if (message.includes('csrf')) { %>
+        <p>ℹ️ Refresh the previous page and then try again. If the problem persists, clear cookies for this site.</p>
+      <% } %>
       <pre><%= stack %></pre>
-      <a href="#" onclick="window.history.back()">Go Back</a>
+      <a href="#" onclick="window.history.back()" style="color:unset">Go Back</a>
     </div>
   </body>
 </html>