Fix CSRF issues

GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.

Thanks @fdb-hiroshima for noticing it!
This commit is contained in:
Bat
2018-09-19 18:13:07 +01:00
parent eb24ba1774
commit d8ca1d70b7
12 changed files with 76 additions and 32 deletions
+27
View File
@@ -472,6 +472,33 @@ main .article-meta .tags li a {
width: initial;
}
/** Inline forms (containing only CSRF token and a <submit>, for protected links) **/
form.inline {
display: inline;
margin: 0px;
padding: 0px;
width: auto;
}
form.inline input[type="submit"] {
display: inline-block;
color: #7765E3;
cursor: pointer;
font-size: 1em;
width: auto;
}
form.inline input[type="submit"]:not(.button) {
margin: 0;
border: none;
}
form.inline input[type="submit"]:not(.button) {
background: transparent;
color: #7765E3;
}
/* Button & Submit */
.button, input[type="submit"], button {