tries to provide better guidance on CSRF errors
This commit is contained in:
parent
3012aa651e
commit
0418951928
|
@ -34,7 +34,12 @@ userRouter.use(
|
||||||
const data: any = { message: err.message, stack: err.stack, status: 500 };
|
const data: any = { message: err.message, stack: err.stack, status: 500 };
|
||||||
|
|
||||||
if (req.accepts("json", "html") === "json") {
|
if (req.accepts("json", "html") === "json") {
|
||||||
return res.status(500).json({ error: err.message });
|
const isCsrfError = err.message === "invalid csrf token";
|
||||||
|
const message = isCsrfError
|
||||||
|
? "CSRF token mismatch; try refreshing the page"
|
||||||
|
: err.message;
|
||||||
|
|
||||||
|
return res.status(500).json({ error: message });
|
||||||
} else {
|
} else {
|
||||||
return res.status(500).render("user_error", { ...data, flash: null });
|
return res.status(500).render("user_error", { ...data, flash: null });
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
<%- include("partials/shared_header", { title: "Error" }) %>
|
<%- include("partials/shared_header", { title: "Error" }) %>
|
||||||
<div id="error-content" style="color: red; background-color: #eedddd; padding: 1em">
|
<div id="error-content" style="color: red; background-color: #eedddd; padding: 1em">
|
||||||
<p><strong>⚠️ Error <%= status %>:</strong> <%= message %></p>
|
<p><strong>⚠️ Error <%= status %>:</strong> <%= message %></p>
|
||||||
|
<% if (message.includes('csrf')) { %>
|
||||||
|
<p>ℹ️ Refresh the previous page and then try again. If the problem persists, clear cookies for this site.</p>
|
||||||
|
<% } %>
|
||||||
<pre><%= stack %></pre>
|
<pre><%= stack %></pre>
|
||||||
<a href="#" onclick="window.history.back()">Go Back</a>
|
<a href="#" onclick="window.history.back()" style="color:unset">Go Back</a>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
Loading…
Reference in New Issue