Details
-
Bug
-
Resolution: Fixed
-
Medium
Description
tl;dr: The 404 is pretty. Make a better 403.
It's pretty easy to generate the attached Django 403 error.
I regularly do it by accident using Chrome.
If I have bitbucket open, say:
https://bitbucket.org/elequ/elena/overview
If I then restart my browser session and the tab is automatically reopened to:
https://bitbucket.org/account/signin/?next=/elequ/elena/overview
This causes the csrf token failure. Makes sense, no problem. This is good and right.
The issue is this page looks so out of sorts on such an otherwise awesome project and reveals corporate knowledge. I didn't truly realise this project was Django, but now I do. Also it's so easy to make error pages in the Django.
Just heads up. Thanks!