Todo #9799
Create custom CSRF callback page with proper theme & more warnings
Status: closed
Start date: 09/27/2019
% Done: 100%
Description
When a user triggers a CSRF error, either by accident (e.g. sitting on the login page for hours without submitting, then trying to log in), or by malicious means (e.g. unintentional submission from a malicious page), the presented page has two issues:
1. It's a plain/default page from CSRF magic, not themed to match pfSense
2. There is not enough warning text about submitting the "Try Again" button, since it may cause harm
The page can be customized by defining a custom callback function, as described in the CSRF Magic docs: https://github.com/ezyang/csrf-magic/blob/master/README.txt#L102
The configuration/function can be defined in guiconfig.inc before the include of CSRF Magic happens.
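
An added example, not pfSense's or CSRF Magic's own code, of the callback approach described above: a replacement failure page that loads a site stylesheet and puts an explicit warning next to the "Try again" button. Every `example_*` name and the stylesheet path are assumptions; `csrf_startup()`, `csrf_conf()`, the `callback` setting and `$GLOBALS['csrf']['input-name']` are CSRF Magic's.

```php
<?php
// Added example. Every example_* name and the stylesheet path are assumptions.

// Flatten nested POST arrays into "a[b]" => value pairs for hidden inputs.
function example_flatten_post(array $data, string $prefix = ''): array {
    $out = [];
    foreach ($data as $key => $value) {
        $name = $prefix === '' ? (string)$key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            $out += example_flatten_post($value, $name);
        } else {
            $out[$name] = (string)$value;
        }
    }
    return $out;
}

// Called by csrf-magic when a POST fails the token check; the library exits afterwards.
function example_csrf_callback($tokens) {
    http_response_code(403);
    $token_field = $GLOBALS['csrf']['input-name'] ?? '__csrf_magic';
    $fields = '';
    foreach (example_flatten_post($_POST) as $name => $value) {
        if ((string)$name === $token_field) {
            continue; // never replay the rejected token
        }
        // Escape both name and value: the POST body may come from a hostile page.
        $fields .= sprintf('<input type="hidden" name="%s" value="%s" />' . "\n",
            htmlspecialchars((string)$name, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
    }
    echo <<<HTML
<!DOCTYPE html>
<html><head><title>CSRF check failed</title>
<link rel="stylesheet" href="/css/example-theme.css" /></head>
<body><h1>Request blocked: CSRF check failed</h1>
<p>Your session may have expired, or another site may have sent this request
without your knowledge.</p>
<p><strong>Only resubmit if you filled in and sent this form yourself.
Resubmitting repeats the original action with the data it carried.</strong></p>
<form method="post" action="">{$fields}<input type="submit" value="Try again" /></form>
</body></html>
HTML;
}

// csrf-magic calls csrf_startup() when the library is included, so define it
// before that include. If one already exists, add the csrf_conf() line to it.
function csrf_startup() {
    csrf_conf('callback', 'example_csrf_callback');
}
```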