#33567: Builtin csrf_failure() view uses wrong charset
--------------------------------------+------------------------
               Reporter:  MrVichr     |          Owner:  nobody
                   Type:  Bug         |         Status:  new
              Component:  CSRF        |        Version:  4.0
               Severity:  Normal      |       Keywords:  csrf
           Triage Stage:  Unreviewed  |      Has patch:  0
    Needs documentation:  0           |    Needs tests:  0
Patch needs improvement:  0           |  Easy pickings:  1
                  UI/UX:  0           |
--------------------------------------+------------------------
 When Django detects a wrong CSRF token, it shows an error using the view
 django.views.csrf.csrf_failure. That file ends with
 {{{
     return HttpResponseForbidden(t.render(c), content_type="text/html;")
 }}}
 When the template (CSRF_FAILURE_TEMPLATE_NAME) is written using '''UTF-8,
 it is rendered incorrectly'''. I suggest changing that line to
 {{{
     return HttpResponseForbidden(t.render(c), content_type="text/html;"+
                                               f" charset={settings.DEFAULT_CHARSET};")
 }}}
 or perhaps leaving out the `content_type` entirely.

 Currently I'm using a workaround, by adding
 {{{
 <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
 }}}
 to the template's HEAD, but it seems to me that the suggested fix is a
 better solution.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/33567>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
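
The effect described in the ticket, as an added example that is not part of the original report and is not Django's code: it decodes one UTF-8 body under the current header, the suggested header, and an omitted `content_type`. The function names, the sample body, the simplified model of the omitted case, and the windows-1252 client fallback are assumptions made for illustration.

```python
from email.message import Message

# Constructed sample: a UTF-8 encoded CSRF failure page with non-ASCII text.
SAMPLE_BODY = "<h1>Accès refusé</h1>".encode("utf-8")
DEFAULT_CHARSET = "utf-8"  # stands in for settings.DEFAULT_CHARSET


def effective_content_type(content_type=None):
    """Simplified model: an explicit content_type is sent verbatim; an
    omitted one gets the default charset appended."""
    if content_type is None:
        return f"text/html; charset={DEFAULT_CHARSET}"
    return content_type


def declared_charset(content_type):
    """Return the charset parameter of a Content-Type value, or None."""
    msg = Message()
    msg["Content-Type"] = content_type
    return msg.get_param("charset")


def client_decode(body, content_type, fallback="windows-1252"):
    """Decode like a client that trusts the header, else uses a fallback
    (assumption: a legacy single-byte default)."""
    charset = declared_charset(content_type) or fallback
    return body.decode(charset, errors="replace")


def compare():
    """Render SAMPLE_BODY under the three header variants from the ticket."""
    variants = {
        "current": effective_content_type("text/html;"),
        "suggested": effective_content_type(
            "text/html;" + f" charset={DEFAULT_CHARSET};"
        ),
        "omitted": effective_content_type(None),
    }
    return {k: client_decode(SAMPLE_BODY, v) for k, v in variants.items()}


if __name__ == "__main__":
    for name, text in compare().items():
        print(f"{name:10} {text}")
```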
