tries to provide better guidance on CSRF errors

nai-degen 2024-05-21 13:10:54 -05:00
parent 3012aa651e
commit 0418951928
2 changed files with 10 additions and 2 deletions


@ -34,7 +34,12 @@ userRouter.use(
const data: any = { message: err.message, stack: err.stack, status: 500 }; const data: any = { message: err.message, stack: err.stack, status: 500 };
if (req.accepts("json", "html") === "json") { if (req.accepts("json", "html") === "json") {
return res.status(500).json({ error: err.message }); const isCsrfError = err.message === "invalid csrf token";
const message = isCsrfError
? "CSRF token mismatch; try refreshing the page"
: err.message;
return res.status(500).json({ error: message });
} else { } else {
return res.status(500).render("user_error", { ...data, flash: null }); return res.status(500).render("user_error", { ...data, flash: null });
} }
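Review bot: The CSRF rejection in the JSON branch is still sent with `res.status(500)`, so clients and monitoring cannot tell a stale token from a server fault; a rejected token is a request-side failure and would read better as `return res.status(isCsrfError ? 403 : 500).json({ error: message });`. The test `err.message === "invalid csrf token"` depends on the exact wording produced by the CSRF middleware, which is not visible here; if that middleware attaches a code or status to the error, comparing that would survive a wording change. Every non-CSRF error still returns the raw `err.message` to the caller, and the HTML branch still hands `err.stack` to the template, both of which are worth limiting to development builds. The handler starts and ends outside this hunk.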


@ -1,8 +1,11 @@
<%- include("partials/shared_header", { title: "Error" }) %> <%- include("partials/shared_header", { title: "Error" }) %>
<div id="error-content" style="color: red; background-color: #eedddd; padding: 1em"> <div id="error-content" style="color: red; background-color: #eedddd; padding: 1em">
<p><strong>⚠️ Error <%= status %>:</strong> <%= message %></p> <p><strong>⚠️ Error <%= status %>:</strong> <%= message %></p>
<% if (message.includes('csrf')) { %>
<p> Refresh the previous page and then try again. If the problem persists, clear cookies for this site.</p>
<% } %>
<pre><%= stack %></pre> <pre><%= stack %></pre>
<a href="#" onclick="window.history.back()">Go Back</a> <a href="#" onclick="window.history.back()" style="color:unset">Go Back</a>
</div> </div>
</body> </body>
</html> </html>
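Review bot: `message.includes('csrf')` is a case-sensitive substring test on display text, so the hint only appears while the middleware keeps its lowercase wording, and the template throws if `message` is ever not a string. Having the handler pass an explicit flag and testing it with `<% if (locals.isCsrfError) { %>` would keep the decision in one place and tolerate a missing value. The page also still prints `<pre><%= stack %></pre>` to whoever triggers the error, including the CSRF case, which discloses file paths and dependency internals; consider rendering it only outside production.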