implement anti-csrf measures in all posted forms

2020-05-22 16:04:47 -05:00
parent 2b0ff06ec8
commit fd7dd7390f
5 changed files with 35 additions and 6 deletions
--- a/capsulflask/templates/capsul-detail.html
+++ b/capsulflask/templates/capsul-detail.html
@ -24,6 +24,7 @@
      <form id="delete_action" method="post">
        <input type="hidden" name="delete" value="True"/>
        <input type="hidden" name="are_you_sure" value="True"/>
+        <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
        <input type="submit" class="form-submit-link" value="Yes, Delete">
      </form>
    </div>
@ -79,6 +80,7 @@
      <label class="align" for="delete_action">Actions</label>
      <form id="delete_action" method="post">
        <input type="hidden" name="delete" value="True"/>
+        <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
        <input type="submit" class="form-submit-link" value="Delete...">
      </form>
    </div>