feat(webui): add csrf tokens to all forms processing code

Closes #60
2025-05-01 08:37:28 +02:00 · 2025-05-01 08:37:28 +02:00 · 5d7b540718
commit 5d7b540718
parent 895615ad6e
15 changed files with 71 additions and 2 deletions
--- a/pkg/webui/html/accounts.html
+++ b/pkg/webui/html/accounts.html
@ -9,6 +9,7 @@
  </div>
  {{ if .Page.Session.Data.Account.IsAdmin }}
  <form action="/accounts" enctype="multipart/form-data" method="post">
+    <input name="csrf_token" type="hidden" value="{{ .Page.Session.Data.CsrfToken }}">
    <fieldset>
      <legend>New User Account</legend>
      <div class="grid-2">
@ -40,6 +41,7 @@
      {{ end }}
      <div style="align-self:stretch; display:flex; justify-content:flex-end;">
        <button class="primary" type="submit" value="submit">Create User Account</button>
+      </div>
    </fieldset>
  </form>
  {{ end }}