more friendly message on invalid CSRF token (#416)

simonLeary42 · web-flow · commit da8f9056a0e6 · 2025-12-19T12:02:14.000-05:00
diff --git a/resources/lib/UnityHTTPD.php b/resources/lib/UnityHTTPD.php
@@ -394,7 +394,13 @@ public static function validatePostCSRFToken(): void
     {
         $token = self::getPostData("csrf_token");
         if (!CSRFToken::validate($token)) {
-            self::badRequest("CSRF token validation failed", data: ["token" => $token]);
+            $errorid = uniqid();
+            self::errorLog("csrf failed to validate", "", errorid: $errorid);
+            self::messageError(
+                "Invalid Session Token",
+                "This can happen if you leave your browser open for a long time. Error ID: $errorid",
+            );
+            self::redirect();
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -394,7 +394,13 @@ public static function validatePostCSRFToken(): void`
`394`	`394`	`{`
`395`	`395`	`$token = self::getPostData("csrf_token");`
`396`	`396`	`if (!CSRFToken::validate($token)) {`
`397`		`- self::badRequest("CSRF token validation failed", data: ["token" => $token]);`
	`397`	`+ $errorid = uniqid();`
	`398`	`+ self::errorLog("csrf failed to validate", "", errorid: $errorid);`
	`399`	`+ self::messageError(`
	`400`	`+ "Invalid Session Token",`
	`401`	`+ "This can happen if you leave your browser open for a long time. Error ID: $errorid",`
	`402`	`+ );`
	`403`	`+ self::redirect();`
`398`	`404`	`}`
`399`	`405`	`}`
`400`	`406`