mirror of
https://github.com/simonw/datasette.git
synced 2026-06-15 13:36:58 +02:00
- New CSRF protection middleware inspired by Go 1.25 and research by Filippo Valsorda - https://words.filippo.io/csrf/ - this replaces the old CSRF token based protection.
- Removes all instances of `<input type="hidden" name="csrftoken" value="{{ csrftoken() }}">` in the templates - they are no longer needed.
- Removes the `def skip_csrf(datasette, scope):` plugin hook defined in `datasette/hookspecs.py` and its documentation and tests.
- Updated CSRF protection documentation to describe the new approach.
- Upgrade guide now describes the CSRF change.
13 lines
487 B
HTML
{% extends "base.html" %}
{% block title %}CSRF check failed{% endblock %}
{% block content %}
<h1>Form origin check failed</h1>

<p>Your request's origin could not be validated. Please return to the form and submit it again.</p>

<details><summary>Technical details</summary>
<p>Developers: consult Datasette's <a href="https://docs.datasette.io/en/latest/internals.html#csrf-protection">CSRF protection documentation</a>.</p>
<p>Reason: {{ reason }}</p>
</details>

{% endblock %}
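The kind of header-based origin check that Go 1.25 introduced and that would produce the `reason` shown by this template, sketched in Python as an added example. It is not Datasette's middleware: `check_origin`, `trusted_origins`, the header dict shape and the reason strings are hypothetical names chosen here.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def check_origin(method, headers, trusted_origins=frozenset()):
    """Return None to allow the request, or a reason string to reject it.

    headers: dict keyed by lower-cased header name (assumed input shape).
    trusted_origins: exact "scheme://host[:port]" values allowed cross-origin.
    """
    if method.upper() in SAFE_METHODS:
        # Safe methods must not change state, so they are never blocked.
        return None

    origin = headers.get("origin", "")
    host = headers.get("host", "")
    if origin and origin in trusted_origins:
        return None

    site = headers.get("sec-fetch-site", "")
    if site:
        # Set by the browser itself; page script cannot override it.
        # "none" means a user-initiated navigation (typed URL, bookmark).
        if site in ("same-origin", "none"):
            return None
        # "same-site" is rejected too: sibling subdomains are not trusted.
        return f"Sec-Fetch-Site is {site!r}, expected same-origin"

    if not origin:
        # Neither header present: not a browser that sends them
        # (curl, API client), so there is no ambient cookie to abuse.
        return None

    # Older browser without Sec-Fetch-Site: compare Origin against Host.
    origin_host = urlsplit(origin).netloc.lower()
    if origin_host and origin_host == host.lower():
        return None
    return f"Origin {origin!r} does not match Host {host!r}"
```

An opaque `Origin: null` (sandboxed iframe, some redirects) has no host component and is rejected by the final comparison.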