
CSRF - Nicer styling of "This request was aborted because it appears to be forged."

Open tbba opened this issue 4 years ago • 1 comments

I would like to be able to have more polite info for a CSRF error. Right now it is the normal Exception, correct?

Since CSRF is not necessarily a bug (cache) or hack, but often just a form being open too long before being sent, is there a way to show a polite, elegant message (understandable to end users) and maybe a redirect back to the blank form, so the user can start over easily and is not shocked because he/she thought he/she had crashed something? Maybe with configurable, language-aware text messages in the module settings? Like "The submission of your form failed, please try again. Possible reasons: Your form page had been open too long before submitting it."

Some of my clients already wanted CSRF disabled (in form builder) so as not to scare users and to avoid support requests from angry or scared users. I think that disabling a security feature just because the website communicates "nicer" then is the wrong way.

Or did I overlook an existing PW feature?

tbba, Sep 25 '20 14:09

It's possible to customise the message by adding this to /site/ready.php:

wireLangReplacements([
    'This request was aborted because it appears to be forged.' => 'The submission of your form failed, please try again. Possible reasons: Your form page had been open too long before submitting it.',
]);

Toutouwai, Feb 15 '24 21:02
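
For a hand-written front-end form (not FormBuilder), the behaviour asked for in the issue can be had while leaving CSRF protection on, by catching the exception and redirecting to a blank form. This is an added example, not code from the thread or from ProcessWire itself; the template file name, the `formNotice` session key, the `csrf-failures` log name and the `name` field are assumptions.

```php
<?php namespace ProcessWire;
// Hypothetical template file, e.g. /site/templates/contact.php (name assumed).
// The CSRF check stays enabled; only the failure handling is made friendlier.

// One-time notice left by the previous request (session key is an assumption)
$notice = $session->get('formNotice');
$session->remove('formNotice');

if($input->requestMethod('POST')) {
    try {
        // Throws WireCSRFException when the token is missing, stale or wrong
        $session->CSRF->validate();
    } catch(WireCSRFException $e) {
        // Keep a record for operators: a stale form and a forged request look
        // the same to the user, but a burst of entries deserves a closer look.
        $log->save('csrf-failures', "Rejected POST to {$page->url}");
        $session->set('formNotice', __('The submission of your form failed, please try again.'));
        // 302 back to the blank form; the rejected POST data is never processed
        $session->redirect($page->url, false);
    }

    // Token was valid: handle the submission, then redirect (Post/Redirect/Get)
    $name = $sanitizer->text($input->post('name'));
    $session->set('formNotice', sprintf(__('Thank you, %s.'), $name));
    $session->redirect($page->url, false);
}
?>
<?php if($notice): ?>
    <p class="notice"><?= $sanitizer->entities($notice) ?></p>
<?php endif; ?>
<form method="post" action="<?= $page->url ?>">
    <?= $session->CSRF->renderInput() ?>
    <label>Name <input type="text" name="name" required></label>
    <button type="submit">Send</button>
</form>
```

The redirect gives the user a fresh token with the blank form, so the retry succeeds without the check ever being switched off.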