[WEB - 1387]dev: custom csrf failure view (#4531)

* dev: custom csrf view

* dev: update template to use only css for styling

apiserver/plane/authentication/views/common.py

@@ -1,3 +1,6 @@
+# Django imports
+from django.shortcuts import render
+
 # Third party imports
 from rest_framework import status
 from rest_framework.permissions import AllowAny
@@ -17,7 +20,7 @@ from plane.authentication.adapter.error import (
 )
 from django.middleware.csrf import get_token
 from plane.utils.cache import invalidate_cache
-
+from plane.authentication.utils.host import base_host
 
 class CSRFTokenEndpoint(APIView):
 
@@ -34,6 +37,11 @@ class CSRFTokenEndpoint(APIView):
         )
 
 
+def csrf_failure(request, reason=""):
+    """Custom CSRF failure view"""
+    return render(request, "csrf_failure.html", {"reason": reason, "root_url": base_host(request=request)})
+
+
 class ChangePasswordEndpoint(APIView):
     def post(self, request):
         user = User.objects.get(pk=request.user.id)

apiserver/plane/settings/common.py

@@ -345,6 +345,7 @@ CSRF_COOKIE_SECURE = secure_origins
 CSRF_COOKIE_HTTPONLY = True
 CSRF_TRUSTED_ORIGINS = cors_allowed_origins
 CSRF_COOKIE_DOMAIN = os.environ.get("COOKIE_DOMAIN", None)
+CSRF_FAILURE_VIEW = "plane.authentication.views.common.csrf_failure"
 
 # Base URLs
 ADMIN_BASE_URL = os.environ.get("ADMIN_BASE_URL", None)