fix(auth-v2): CSRF redirect logic #96455

Closed

wants to merge 1 commit into from

Conversation

leedongwei
Member

No description provided.

@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Jul 25, 2025
@@ -137,7 +137,7 @@ <h2>{% trans "CSRF Validation Failed" %}</h2>
localStorage.setItem('lastCsrfError', new Date().toISOString());

button.disabled = true;
status.textContent = '{% trans "Automatically rotating tokens..." %}';
status.textContent = 'Automatically rotating tokens...';
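Review bot: dropping the `{% trans %}` wrapper on the `status.textContent` line hardcodes "Automatically rotating tokens..." in English while the surrounding template is still translated (the hunk header itself shows `<h2>{% trans "CSRF Validation Failed" %}</h2>`), and the hunk as shown only changes that string; the `localStorage.setItem('lastCsrfError', ...)` and `button.disabled = true` lines are unchanged context, so nothing visible here touches redirect logic despite the PR title. Keep `status.textContent = '{% trans "Automatically rotating tokens..." %}';` (or, if quoting inside the JS string literal is the concern, bind the translation with `{% translate "..." as msg %}` and emit `'{{ msg|escapejs }}'`), and state in the PR description why the translation tag is being removed if that is intended.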
Contributor

Bug: Token Rotation Message and I18n Issues

This commit introduces two bugs:

  1. The "Token rotated! Refreshing the page in 1 sec..." message is misleading, as the page now redirects to /auth/login/ instead of refreshing the current page.
  2. Internationalization support was removed from several user-facing JavaScript strings by replacing Django translation tags ({% trans %}) with hardcoded English text. This breaks multi-language support for messages such as "Rotating...", "Token rotated! Refreshing the page in 1 sec...", "Failed to rotate token.", "Rotate CSRF Token", and "Automatically rotating tokens...", causing them to always display in English and creating inconsistent internationalization with the rest of the template.

@leedongwei leedongwei requested a review from cathteng July 25, 2025 17:40
Member

@cathteng cathteng left a comment


I'm in favor of refreshing the page but this is fine

@cathteng
Member

Maybe if we're already on the CSRF url you redirect to login
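The conditional suggested above (reload normally, redirect to login only when the user is already sitting on the CSRF error URL), written out as an added example. This is not Sentry's code or anything from this PR: the error-page path, element ids, the rotate endpoint and the shape of the `rotate` callback are assumptions, and the status messages are passed in as parameters so that in a Django template they can still come from `{% trans %}` strings instead of being hardcoded in the script.

```javascript
// Added example, not code from Sentry or this PR. Client-side flow of a CSRF
// error page: rotate the token, confirm the cookie actually changed, then
// either reload (so the original form can be resubmitted) or, when already on
// the CSRF error URL, redirect to login. Paths and ids below are assumptions.
const CSRF_ERROR_PATH = "/auth/csrf-error/"; // assumed URL of this page
const LOGIN_PATH = "/auth/login/";          // named in the review thread

// Parse one cookie out of a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Where to go once a fresh token is in place.
function nextNavigation(currentPath, errorPath = CSRF_ERROR_PATH, loginPath = LOGIN_PATH) {
  return currentPath === errorPath
    ? { action: "redirect", url: loginPath }
    : { action: "reload" };
}

// Rotate, verify the csrftoken cookie changed, then navigate.
// `rotate` (async, resolves true on HTTP success), `getCookies`, `nav` and
// `setStatus` are injected so the flow can run outside a browser.
async function rotateAndNavigate({ rotate, getCookies, currentPath, nav, setStatus, messages }) {
  const before = readCookie(getCookies(), "csrftoken");
  setStatus(messages.rotating);
  let ok = false;
  try {
    ok = await rotate();
  } catch (_err) {
    ok = false;
  }
  const after = readCookie(getCookies(), "csrftoken");
  // A 2xx with an unchanged cookie would just loop the user back to the same
  // CSRF error, so treat it as a failure instead of reloading.
  if (!ok || after === null || after === before) {
    setStatus(messages.failed);
    return { ok: false };
  }
  const next = nextNavigation(currentPath);
  setStatus(next.action === "reload" ? messages.rotatedReload : messages.rotatedRedirect);
  if (next.action === "reload") {
    nav.reload();
  } else {
    nav.assign(next.url);
  }
  return { ok: true, ...next };
}

// Browser wiring, skipped when run under Node. Element ids and the rotate
// endpoint are assumptions.
if (typeof document !== "undefined") {
  const button = document.getElementById("rotate-csrf"); // assumed id
  const status = document.getElementById("status");      // assumed id
  button?.addEventListener("click", () =>
    rotateAndNavigate({
      rotate: async () =>
        (await fetch("/auth/csrf-rotate/", { method: "POST", credentials: "same-origin" })).ok,
      getCookies: () => document.cookie,
      currentPath: window.location.pathname,
      nav: { reload: () => window.location.reload(), assign: (u) => window.location.assign(u) },
      setStatus: (m) => { status.textContent = m; },
      // In the Django template these would be {% trans %} strings.
      messages: {
        rotating: "Rotating...",
        failed: "Failed to rotate token.",
        rotatedReload: "Token rotated! Refreshing the page...",
        rotatedRedirect: "Token rotated! Redirecting to login...",
      },
    }));
}
```

The "cookie changed" check only works when the CSRF cookie is readable from script (Django's `CSRF_COOKIE_HTTPONLY` left at its default of `False`); with an HttpOnly CSRF cookie the rotate endpoint would have to return the new token in its response body instead, and the comparison would move there.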

@leedongwei leedongwei closed this Jul 27, 2025
@github-actions github-actions bot locked and limited conversation to collaborators Aug 11, 2025
Labels
Scope: Backend Automatically applied to PRs that change backend components