Labels Milestones

New Issue

chaos testing: jinja2.exceptions.TemplateNotFound: csrf_error.html #8

Closed

opened 3 years ago by decentral1se · 2 comments

decentral1se commented 3 years ago

Uploaded the attached zip for step 1 and clicked upload. (didn't choose theme!)

  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 2091, in __call__
    return self.wsgi_app(environ, start_response)
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 2076, in wsgi_app
    response = self.handle_exception(e)
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 2073, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 1518, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 1386, in handle_user_exception
    return self.handle_http_exception(e)
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 1326, in handle_http_exception
    return self.ensure_sync(handler)(e)
  File "/home/d/work/varia/distribusi-verse/verse/start.py", line 269, in handle_csrf_error
    return render_template("csrf_error.html", reason=e.description), 400
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/templating.py", line 148, in render_template
    ctx.app.jinja_env.get_or_select_template(template_name_or_list),
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/jinja2/environment.py", line 1068, in get_or_select_template
    return self.get_template(template_name_or_list, parent, globals)
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/jinja2/environment.py", line 997, in get_template
    return self._load_template(name, globals)
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/jinja2/environment.py", line 958, in _load_template
    template = self.loader.load(self, name, self.make_globals(globals))
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/jinja2/loaders.py", line 125, in load
    source, filename, uptodate = self.get_source(environment, name)
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/templating.py", line 59, in get_source
    return self._get_source_fast(environment, template)
  File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/templating.py", line 95, in _get_source_fast
    raise TemplateNotFound(template)
jinja2.exceptions.TemplateNotFound: csrf_error.html

Uploaded the attached zip for step 1 and clicked upload. (didn't choose theme!) ``` File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 2091, in __call__ return self.wsgi_app(environ, start_response) File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 2076, in wsgi_app response = self.handle_exception(e) File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 2073, in wsgi_app response = self.full_dispatch_request() File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 1518, in full_dispatch_request rv = self.handle_user_exception(e) File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 1386, in handle_user_exception return self.handle_http_exception(e) File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/app.py", line 1326, in handle_http_exception return self.ensure_sync(handler)(e) File "/home/d/work/varia/distribusi-verse/verse/start.py", line 269, in handle_csrf_error return render_template("csrf_error.html", reason=e.description), 400 File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/templating.py", line 148, in render_template ctx.app.jinja_env.get_or_select_template(template_name_or_list), File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/jinja2/environment.py", line 1068, in get_or_select_template return self.get_template(template_name_or_list, parent, globals) File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/jinja2/environment.py", line 997, in get_template return self._load_template(name, globals) File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/jinja2/environment.py", line 958, in _load_template template = self.loader.load(self, name, self.make_globals(globals)) File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/jinja2/loaders.py", line 125, in load source, filename, uptodate = self.get_source(environment, name) File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/templating.py", line 59, in get_source return self._get_source_fast(environment, template) File "/home/d/work/varia/distribusi-verse/.venv/lib/python3.9/site-packages/flask/templating.py", line 95, in _get_source_fast raise TemplateNotFound(template) jinja2.exceptions.TemplateNotFound: csrf_error.html ```

image.png

27 KiB

yay.zip

458 B

crunk commented 3 years ago

Owner

csrf error you should see all the time still. because the development server of flask can't properly handle anti-csrf tokens. going back and forth between an error page and redoing your actions, causes one.

csrf error you should see all the time still. because the development server of flask can't properly handle anti-csrf tokens. going back and forth between an error page and redoing your actions, causes one.

crunk commented 3 years ago

Owner

working for a while now with an application with CSRF (cross-site request forgery) tokens in place.

When you are developing a flask application and you make any edit to the code, the application restarts, giving a new CSRF token. Your browser is still open and you are given a CSRF error, since the browser session has the wrong token.

It could also be because you simply restarted the application but not your browser session.

since Flask works with routes, that can just be found in de the code. Anyone can fire a somewhat correct post request at them and see what happens. So CSRF is pretty crucial for Flask security.

working for a while now with an application with CSRF (cross-site request forgery) tokens in place. When you are developing a flask application and you make any edit to the code, the application restarts, giving a new CSRF token. Your browser is still open and you are given a CSRF error, since the browser session has the wrong token. It could also be because you simply restarted the application but not your browser session. since Flask works with routes, that can just be found in de the code. Anyone can fire a somewhat correct post request at them and see what happens. So CSRF is pretty crucial for Flask security.

crunk closed this issue 3 years ago

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

current_wdka_release

main

wdka_autonomous_practices

Labels

Apply labels

Clear labels

No items

No Label

Milestone

Set milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Assign users

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview

Loading…

Cancel

Save

There is no content yet.