If a server is under heavy load or under attack, requiring it to access the database in order to give error responses is only going to make the problem worse. Simplify the error templates so database access is not required, cache the user's locale in the session to make it available without database access, and then cache the results of rendering the error templates in Redis.
This fixes #115 by removing the Log in button from the 404 page. It also removes the login form from the 403, but a better solution than having a login form on the 403 is protecting the route that leads to the 403 with login_required, which most of the routes which use abort(403) do already.
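The approach described above, as an added sketch that is not code from this change: the error body depends only on the status code and a locale read from the session, so one cached copy per (code, locale) can be served to every user without a database query. `FakeRedis`, `render_error`, `error_locale`, the cache key format and the templates are all hypothetical names and constructed data; the stand-in mimics only the `get`/`setex` calls of a Redis client.

```python
import string

# Assumption: minimal offline stand-in for a Redis client (get/setex only).
class FakeRedis:
    def __init__(self):
        self.store = {}

    def get(self, key):
        return self.store.get(key)

    def setex(self, key, ttl, value):
        self.store[key] = value  # TTL is ignored by this stand-in

# Constructed template: no login form, no user name, nothing per-user,
# which is what makes a shared cached copy safe to serve.
TEMPLATE = string.Template("<h1>$code</h1><p>$msg</p>")
MESSAGES = {
    ("en", 404): "Page not found", ("en", 403): "Forbidden",
    ("de", 404): "Seite nicht gefunden", ("de", 403): "Zugriff verweigert",
}
SUPPORTED_LOCALES = {"en", "de"}
STATS = {"renders": 0}  # counts real renders, to make cache hits visible

def error_locale(session):
    """Take the locale from the session only, never from a user-table lookup."""
    locale = session.get("locale")
    # Allow-list the value: it becomes part of a cache key.
    return locale if locale in SUPPORTED_LOCALES else "en"

def render_error(code, session, cache, ttl=3600):
    """Return the error body, rendering at most once per (code, locale)."""
    locale = error_locale(session)
    key = f"errorpage:{code}:{locale}"  # no user id or session id in the key
    cached = cache.get(key)
    if cached is not None:
        return cached
    STATS["renders"] += 1
    body = TEMPLATE.substitute(code=code, msg=MESSAGES.get((locale, code), "Error"))
    cache.setex(key, ttl, body)
    return body
```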