add CSRF validation

2021-12-21 16:57:39 +01:00 · 2021-12-21 16:57:39 +01:00 · e32089c81e
commit e32089c81e
parent ae5a18138b
5 changed files with 21 additions and 1 deletions
--- a/ldap_frontend/templates/groups/members.html
+++ b/ldap_frontend/templates/groups/members.html
@ -16,6 +16,7 @@
                        <td>{{ member["cn"] }}</td>
                        <td>
                            <form action="{{ url_for("group_edit", ou=ou) }}" method="post">
+                                <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
                                <input type="hidden" name="remove" value="{{ member["uid"] }}">
                                <input type="submit" value="remove" class="btn btn-danger">
                            </form>
@ -25,6 +26,7 @@
                </tbody>
            </table>
            <form action="{{ url_for("group_edit", ou=ou) }}" method="post" class="row g-3 needs-validation">
+                <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
                <fieldset>
                    <legend>add user to group</legend>