+ {% trans %}
+ Oops! Not allowed.
+ You tried to do something that you weren't allowed to.
+ {% endtrans %}
+ {% if csrf %}
+ {% trans %}
+ Try going back to the previous page, refreshing
+ and then trying again.
+ {% endtrans %}
+ {% endif %}
+
+{% endblock %}
diff --git a/apps/amo/templates/amo/404.lhtml b/apps/amo/templates/amo/404.html
similarity index 100%
rename from apps/amo/templates/amo/404.lhtml
rename to apps/amo/templates/amo/404.html
diff --git a/apps/amo/templates/amo/500.lhtml b/apps/amo/templates/amo/500.html
similarity index 100%
rename from apps/amo/templates/amo/500.lhtml
rename to apps/amo/templates/amo/500.html
diff --git a/apps/amo/views.py b/apps/amo/views.py
index db1d8f44bd..6dd8e7476a 100644
--- a/apps/amo/views.py
+++ b/apps/amo/views.py
@@ -190,14 +190,19 @@ def _paypal(request):
def handler404(request):
- return jingo.render(request, 'amo/404.lhtml', status=404)
+ return jingo.render(request, 'amo/404.html', status=404)
def handler500(request):
arecibo = getattr(settings, 'ARECIBO_SERVER_URL', '')
if arecibo:
post(request, 500)
- return jingo.render(request, 'amo/500.lhtml', status=500)
+ return jingo.render(request, 'amo/500.html', status=500)
+
+
+def csrf_failure(request, reason=''):
+ return jingo.render(request, 'amo/403.html',
+ {'csrf': 'CSRF' in reason}, status=403)
def loaded(request):
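Review bot: In `csrf_failure`, the `'CSRF' in reason` test keys the template's retry hint on the wording of Django's rejection message, and the Referer-check failures that the CSRF middleware raises on HTTPS requests use messages beginning "Referer checking failed", which do not contain that substring. Those rejections would render the 403 page without the "go back and refresh" advice even though they come from the same middleware. If this view is only reached through `CSRF_FAILURE_VIEW`, passing `{'csrf': True}` avoids depending on message text; if other callers are meant to use it with an empty `reason`, an explicit flag argument would be more robust than matching on the string. The view also discards `reason` without logging it, so a burst of CSRF rejections (a broken form, or forged cross-site posts) leaves no trace; consider logging `reason` and `request.path` at warning level. A one-line docstring such as `"""Render the 403 page for requests rejected by the CSRF middleware."""` would help too.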
diff --git a/settings.py b/settings.py
index de8d33aae5..49889ea739 100644
--- a/settings.py
+++ b/settings.py
@@ -1160,3 +1160,5 @@ WATERMARK_REUSE_SECONDS = 1800
# by a cron. Setting this far apart from the reuse flag so that we
# shouldn't have an overlap.
WATERMARK_CLEANUP_SECONDS = 3600
+
+CSRF_FAILURE_VIEW = 'amo.views.csrf_failure'