diff --git a/templates/404.html b/templates/404.html
index 9abeb142a1..c033f7636e 100644
--- a/templates/404.html
+++ b/templates/404.html
@@ -13,11 +13,7 @@
- {% if status_code == 405 %} -

{{ _("Method not allowed (405)") }}

- {% else %}

{{ _("Page not found (404)") }}

- {% endif %}

{% trans %} If this error is unexpected, you can
diff --git a/templates/4xx.html b/templates/4xx.html
new file mode 100644
index 0000000000..24f9a36984
--- /dev/null
+++ b/templates/4xx.html
@@ -0,0 +1,53 @@
+{% extends "zerver/portico.html" %}
+
+{% block title %}
+{{ _("Error") }} | Zulip
+{% endblock %}
+
+{% block portico_class_name %}error{% endblock %}
+
+{% block portico_content %}
+

+
+
+
+
+ {% if csrf_failure %} +

{{ _("Access forbidden (403)") }}

+

+ {% trans %} + Your request could not be completed because your + browser did not send the credentials required to authenticate + your access. To resolve this issue: + {% endtrans %} +

+ +
    +
  1. + {% trans %} + Make sure that your browser allows cookies for this site. + {% endtrans %} +
  2. +
  3. + {% trans %} + Check for any browser privacy settings or extensions + that block Referer headers, and disable them for + this site. + {% endtrans %} +
  4. +
+ {% elif status_code == 405 %} +

{{ _("Method not allowed (405)") }}

+

+ {% trans %} + If this error is unexpected, you can + contact support. + {% endtrans %} +

+ {% endif %} +
+
+
+
+
+{% endblock %}
diff --git a/zerver/decorator.py b/zerver/decorator.py
index 7da88ab351..0d6c0ff9a1 100644
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -123,7 +123,7 @@ def require_post(
 return json_method_not_allowed(["POST"])
 else:
 return TemplateResponse(
- request, "404.html", context={"status_code": 405}, status=405
+ request, "4xx.html", context={"status_code": 405}, status=405
 )
 return func(request, *args, **kwargs)
diff --git a/zerver/middleware.py b/zerver/middleware.py
index 5e4c7ecc78..ce1551c051 100644
--- a/zerver/middleware.py
+++ b/zerver/middleware.py
@@ -19,7 +19,6 @@ from django.utils.crypto import constant_time_compare
 from django.utils.deprecation import MiddlewareMixin
 from django.utils.log import log_response
 from django.utils.translation import gettext as _
-from django.views.csrf import csrf_failure as html_csrf_failure
 from django_scim.middleware import SCIMAuthCheckMiddleware
 from django_scim.settings import scim_settings
 from sentry_sdk import set_tag
@@ -454,7 +453,7 @@ def csrf_failure(request: HttpRequest, reason: str = "") -> HttpResponse:
 if RequestNotes.get_notes(request).error_format == "JSON":
 return json_response_from_error(CsrfFailureError(reason))
 else:
- return html_csrf_failure(request, reason)
+ return render(request, "4xx.html", context={"csrf_failure": True}, status=403)
 class LocaleMiddleware(DjangoLocaleMiddleware):
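Review bot: In templates/4xx.html the `{% if csrf_failure %}` / `{% elif status_code == 405 %}` chain closes with `{% endif %}` and, as far as the visible lines show, has no `{% else %}`, so a caller that passes neither context value would get an error page with no heading or text. Because the file is named as a general 4xx page, a fallback branch such as `{% else %}` with a generic translated heading and the existing contact-support paragraph would keep that case from rendering blank. The 403 branch also gives no contact-support pointer, unlike the 405 branch, so a user whose cookies and Referer settings are already correct has no next step. The HTML markup of this hunk is not visible here, so placement should be checked against the file.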
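Review bot: The HTML branch of csrf_failure in zerver/middleware.py no longer uses `reason`, so the 403 page gives the same cookie/Referer advice for every rejection cause, including ones it does not describe, such as a failed Origin check or an incorrect token. Keeping the reason off the page is reasonable, but these hunks do not show whether it is logged server-side; if it is not, log it so operators can tell a misconfigured proxy or origin setting from a blocked cookie. A short comment on the new line, e.g. `# reason is deliberately not shown to the user; it is only useful in server logs`, would record the choice. Also confirm that `render` is already imported in this module, since the visible import hunk only removes `html_csrf_failure`. Only the signature of csrf_failure is visible, in the hunk header.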