From 04189519281fe844690308b7507c442667a9fd00 Mon Sep 17 00:00:00 2001
From: nai-degen
Date: Tue, 21 May 2024 13:10:54 -0500
Subject: [PATCH] tries to provide better guidance on CSRF errors
---
 src/user/routes.ts | 7 ++++++-
 src/user/web/views/user_error.ejs | 5 ++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/user/routes.ts b/src/user/routes.ts
index 891e686..b3c143a 100644
--- src/user/routes.ts
+++ src/user/routes.ts
@@ -34,7 +34,12 @@ userRouter.use(
 const data: any = { message: err.message, stack: err.stack, status: 500 };
 if (req.accepts("json", "html") === "json") {
- return res.status(500).json({ error: err.message });
+ const isCsrfError = err.message === "invalid csrf token";
+ const message = isCsrfError
+ ? "CSRF token mismatch; try refreshing the page"
+ : err.message;
+
+ return res.status(500).json({ error: message });
 } else {
 return res.status(500).render("user_error", { ...data, flash: null });
 }
diff --git a/src/user/web/views/user_error.ejs b/src/user/web/views/user_error.ejs
index 3db82c4..f2b8186 100644
--- src/user/web/views/user_error.ejs
+++ src/user/web/views/user_error.ejs
@@ -1,8 +1,11 @@
 <%- include("partials/shared_header", { title: "Error" }) %>
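Review bot: A rejected CSRF token is still answered with HTTP 500 in both branches of the src/user/routes.ts hunk, so a client-side token failure is recorded and alerted on as a server fault; the handler should choose the status from the error, e.g. `const status = isCsrfError ? 403 : 500;`, and use it in both `res.status(...)` calls. Matching on `err.message === "invalid csrf token"` is also brittle: if the CSRF middleware is csurf or csrf-csrf (not visible in this hunk), its error carries `code: "EBADCSRFTOKEN"`, which is a more stable field to test. `isCsrfError` is computed only inside the JSON branch, while user_error.ejs re-derives the same fact with `message.includes('csrf')`; computing it once above the `if` and passing it to `render` would keep the two paths in agreement. The enclosing error handler starts and ends outside the hunk.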

⚠️ Error <%= status %>: <%= message %>

+ <% if (message.includes('csrf')) { %> +

ℹ️ Refresh the previous page and then try again. If the problem persists, clear cookies for this site.

+ <% } %>
<%= stack %>
- Go Back
+ Go Back
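Review bot: The new `message.includes('csrf')` guard in user_error.ejs throws a TypeError when `message` is not a string, which would make the error page itself fail to render; whether every caller of this view passes a string is not visible here. A safer test is `<% if (typeof message === 'string' && message.includes('csrf')) { %>`, or a boolean local set by the route. The substring match is also case-sensitive and would fire on any unrelated message that happens to contain "csrf". Unchanged by this commit but in the same view, `<%= stack %>` prints the server stack trace to the client; consider rendering it only outside production.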