diff options
author | Brian Picciano <mediocregopher@gmail.com> | 2022-05-24 17:27:03 -0600 |
---|---|---|
committer | Brian Picciano <mediocregopher@gmail.com> | 2022-05-24 17:27:03 -0600 |
commit | 159638084e167047b86fd65382f50cd099d4eb48 (patch) | |
tree | d4653540894da749726f4f8be988fe6df8d195a7 /srv/src/http/tpl.go | |
parent | 88ebaeda8f02e2c89dac44809fffb1f9ebb71bd0 (diff) |
Fix CSRF loading on static GET pages
Diffstat (limited to 'srv/src/http/tpl.go')
-rw-r--r-- | srv/src/http/tpl.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/srv/src/http/tpl.go b/srv/src/http/tpl.go index 5c235a1..8654569 100644 --- a/srv/src/http/tpl.go +++ b/srv/src/http/tpl.go @@ -100,6 +100,7 @@ func (a *api) mustParseTpl(name string) *template.Template { func (a *api) mustParseBasedTpl(name string) *template.Template { tpl := a.mustParseTpl(name) + tpl = template.Must(tpl.New("load-csrf.html").Parse(mustReadTplFile("load-csrf.html"))) tpl = template.Must(tpl.New("base.html").Parse(mustReadTplFile("base.html"))) return tpl } @@ -111,8 +112,8 @@ type tplData struct { func (t tplData) CSRFFormInput() template.HTML { return template.HTML(fmt.Sprintf( - `<input type="hidden" name="%s" value="%s" />`, - csrfTokenFormName, t.CSRFToken, + `<input type="hidden" name="%s" class="csrfHiddenInput" />`, + csrfTokenFormName, )) } |