b1-66er/microblog.pub
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enable the CSRF check for the login page

Browse Source
This commit is contained in:
Thomas Sileo
2018-06-01 21:54:43 +02:00
parent 8af33d866d
commit 2befde27d5
3 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
templates/login.html
View File

@@ -8,6 +8,7 @@
{% if session.logged_in %}logged{% else%}not logged{%endif%}
<form id="login-form" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
<input type="password" name="pass" placeholder="password">
{% if u2f_enabled %}
<input type="hidden" name="resp" id="sig-payload" value="">