more helpful CSRF failure view, add CSRF settings to settings.py

without this, users get a rather unhelpful/misleading response after clicking "Login" if they don't have cookies enabled.

nsupdate/main/views.py

@@ -237,3 +237,30 @@ Disallow: /nic/update/
 Disallow: /overview/
 """
     return HttpResponse(content, content_type="text/plain")
+
+
+def CsrfFailureView(request, reason):
+    """
+    Django's CSRF middleware's builtin view doesn't tell the user that he needs to have cookies enabled.
+
+    :param request: django request object
+    :return: HttpResponse object
+    """
+    if reason == "CSRF cookie not set.":
+        content ="""\
+This site needs cookies (for CSRF protection, for keeping your session after login).
+
+Please enable cookies in your browser (or otherwise make sure the CSRF cookie can be set).
+""" % dict(reason=reason)
+        status = 200
+    else:
+        content = """\
+%(reason)s
+
+CSRF verification failure.
+
+Either you are trying to access this site in 'unusual' ways (then please stop doing that), or
+you found an issue in the code (then please file an issue for this and tell how you got here).
+""" % dict(reason=reason)
+        status = 403
+    return HttpResponse(content, status=status, content_type="text/plain")

nsupdate/settings.py

@@ -205,6 +205,15 @@ ACCOUNT_ACTIVATION_DAYS = 7
 
 LOGIN_REDIRECT_URL = '/overview/'
 
+CSRF_FAILURE_VIEW = 'nsupdate.main.views.CsrfFailureView'
+
+# Settings for CSRF cookie.
+CSRF_COOKIE_NAME = 'csrftoken'
+CSRF_COOKIE_DOMAIN = None
+CSRF_COOKIE_PATH = '/'
+CSRF_COOKIE_SECURE = False
+
+
 try:
     from .local_settings import *
 except ImportError: