diff options
author | r <r@freesoftwareextremist.com> | 2020-01-25 10:07:06 +0000 |
---|---|---|
committer | r <r@freesoftwareextremist.com> | 2020-01-26 06:49:29 +0000 |
commit | bf2cfaf0ede0e9744408f52538fb4bcd87a6d5b8 (patch) | |
tree | 5d3be1dfa65395bddedd2fb6f06a990c23274f00 /templates/postform.tmpl | |
parent | 5fdc7a59b2efc60e35f5421e28986c356810456e (diff) | |
download | bloat-bf2cfaf0ede0e9744408f52538fb4bcd87a6d5b8.tar.gz bloat-bf2cfaf0ede0e9744408f52538fb4bcd87a6d5b8.zip |
Add CSRF protection
Diffstat (limited to 'templates/postform.tmpl')
-rw-r--r-- | templates/postform.tmpl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/templates/postform.tmpl b/templates/postform.tmpl index 0b83d2c..ff2dfd9 100644 --- a/templates/postform.tmpl +++ b/templates/postform.tmpl @@ -1,5 +1,6 @@ {{with .Data}} <form class="post-form" action="/post" method="POST" enctype="multipart/form-data"> + <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}"> {{if .ReplyContext}} <input type="hidden" name="reply_to_id" value="{{.ReplyContext.InReplyToID}}" /> <label for="post-content" class="post-form-title"> Reply to {{.ReplyContext.InReplyToName}} </label> |