diff website/issues/html/user.forgotten.html @ 5291:f63a2b15e628

Adding @csrf tokens to all forms using post method.
author John Rouillard <rouilj@ieee.org>
date Sun, 24 Sep 2017 21:17:51 -0400
parents c2d0d3e9099d
children 4d32fa88c5d2
--- a/website/issues/html/user.forgotten.html	Sun Sep 24 21:14:12 2017 -0400
+++ b/website/issues/html/user.forgotten.html	Sun Sep 24 21:17:51 2017 -0400
@@ -29,6 +29,8 @@
           <input type="hidden" name="@template" value="forgotten">
           <input type="submit" value="Request password reset"
            i18n:attributes="value">
+	  <input name="@csrf" type="hidden"
+		 tal:attributes="value python:utils.anti_csrf_nonce()">
         </td>
       </tr>
 </table>
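Review bot: The added `@csrf` field is only useful if the server rejects a post to the `forgotten` template when the nonce is missing, stale or already used, and nothing in this hunk shows that enforcement. This form is presumably reachable without logging in, so it is worth confirming what `utils.anti_csrf_nonce()` binds the nonce to for an anonymous visitor. Confirm also that the enclosing `<form>`, which opens outside the hunk, uses `method="post"` so the nonce never lands in a URL, a Referer header or an access log. On style, the two new lines are indented with tabs while their sibling `<input>` lines use spaces; re-indent them to match `<input type="hidden" name="@template" value="forgotten">`. A short TAL-safe comment such as `<!-- anti-CSRF nonce; must be present on every POST form -->` would help tracker admins who customise this template keep the field.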
@@ -44,6 +46,8 @@
  <tr><td></td><td><input type="submit" value="Request password reset"
    i18n:attributes="value"></td></tr>
 </table>
+<input name="@csrf" type="hidden"
+       tal:attributes="value python:utils.anti_csrf_nonce()">
 </form>
 
 <p i18n:translate="">A confirmation email will be sent to you -
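Review bot: This second form calls `utils.anti_csrf_nonce()` on its own, so one render of the page issues two nonces. If each nonce is kept server-side until it expires (not visible here), check that the expiry and clean-up are short enough that repeated anonymous loads of the page cannot grow that store without bound. The field also sits between `</table>` and `</form>`, whereas the first form puts it in the cell beside the submit button. Both are valid, but placing it right after the submit `<input>` in both forms makes it harder to lose in a later template edit. The `<form>` opening tag is outside the hunk.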

Roundup Issue Tracker: http://roundup-tracker.org/