implement anti-csrf measures in all posted forms

2020-05-22 16:04:47 -05:00
parent 2b0ff06ec8
commit fd7dd7390f
5 changed files with 35 additions and 6 deletions
--- a/capsulflask/templates/ssh-public-keys.html
+++ b/capsulflask/templates/ssh-public-keys.html
@ -13,6 +13,7 @@
    <form method="post">
      <input type="hidden" name="method" value="DELETE"></input> 
      <input type="hidden" name="name" value="{{ ssh_public_key['name'] }}"></input> 
+      <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
      <div class="row">
        <span class="code">{{ ssh_public_key['name'] }}</span>
        <span class="dim">{{ ssh_public_key['content'] }}</span>
@ -28,6 +29,7 @@
  </div>
  <form method="post">
    <input type="hidden" name="method" value="POST"></input>
+    <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
    <div class="row justify-start">
      <label class="align" for="content">File Contents</label>
      <textarea class="expand" id="content" name="content"></textarea>