From e0d7bb5a062fee950abc7ddee855c83ff1d59a5f Mon Sep 17 00:00:00 2001
From: Gerald Iakobinyi-Pich
Date: Tue, 8 Mar 2022 20:57:54 +0000
Subject: [PATCH] Have created a custom CSRF failure page
---
 app/app/settings.py | 1 +
 app/retail/views.py | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/app/settings.py b/app/app/settings.py
index 202c16ad23a..6b482ef3c4a 100644
--- a/app/app/settings.py
+++ b/app/app/settings.py
@@ -573,6 +573,7 @@ def callback(request):
 CSRF_COOKIE_SECURE = env.bool('CSRF_COOKIE_SECURE', default=False)
 CSRF_COOKIE_HTTPONLY = env.bool('CSRF_COOKIE_HTTPONLY', default=True)
+CSRF_FAILURE_VIEW = 'retail.views.csrf_failure'
 SESSION_COOKIE_SECURE = env.bool('SESSION_COOKIE_SECURE', default=False)
 SECURE_BROWSER_XSS_FILTER = env.bool('SECURE_BROWSER_XSS_FILTER', default=True)
 SECURE_CONTENT_TYPE_NOSNIFF = env.bool('SECURE_CONTENT_TYPE_NOSNIFF', default=True)
diff --git a/app/retail/views.py b/app/retail/views.py
index de65643d88c..9fd7019f12c 100644
--- a/app/retail/views.py
+++ b/app/retail/views.py
@@ -1153,11 +1153,12 @@ def presskit(request):
 def handler403(request, exception=None):
 return error(request, 403)
+def csrf_failure(request, reason=""):
+ return error(request, 403)
 def handler404(request, exception=None):
 return error(request, 404)
-
 def handler500(request, exception=None):
 return error(request, 500)
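Review bot: The new `csrf_failure` view in app/retail/views.py accepts `reason` and then drops it without a docstring, so a reader cannot tell whether rendering the generic 403 page is deliberate or an unfinished custom page. I would add a docstring such as `"""Target of CSRF_FAILURE_VIEW; renders the generic 403 page and deliberately does not echo reason to the client."""`. Django's CSRF middleware normally records the reason under the `django.security.csrf` logger, so the view does not need to log it again, but that is worth confirming against the project's logging config. The response status depends entirely on `error`, which is defined outside this hunk; a test that posts without a token through `Client(enforce_csrf_checks=True)` and asserts a 403 would pin both the settings wiring and the status code.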