Fix CSRF loading on static GET pages

author: Brian Picciano <mediocregopher@gmail.com> 2022-05-24 17:27:03 -0600
committer: Brian Picciano <mediocregopher@gmail.com> 2022-05-24 17:27:03 -0600
commit: 159638084e167047b86fd65382f50cd099d4eb48 (patch)
tree: d4653540894da749726f4f8be988fe6df8d195a7 /srv/src/http/tpl/load-csrf.html
parent: 88ebaeda8f02e2c89dac44809fffb1f9ebb71bd0 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/srv/src/http/tpl/load-csrf.html b/srv/src/http/tpl/load-csrf.html
new file mode 100644
index 0000000..b0757f9
--- /dev/null
+++ b/srv/src/http/tpl/load-csrf.html
@@ -0,0 +1,13 @@
+<script async type="module" src="{{ StaticURL "api.js" }}"></script>
+
+<script type="text/javascript">
+  (async () => {
+    const api = await import("{{ StaticURL "api.js" }}");
+    const res = await api.call("/api/csrf");
+
+    const els = document.getElementsByClassName("csrfHiddenInput");
+    for (let i = 0; i < els.length; i++) {
+      els[i].value = res.CSRFToken;
+    }
+  })();
+</script>
author	Brian Picciano <mediocregopher@gmail.com>	2022-05-24 17:27:03 -0600
committer	Brian Picciano <mediocregopher@gmail.com>	2022-05-24 17:27:03 -0600
commit	159638084e167047b86fd65382f50cd099d4eb48 (patch)
tree	d4653540894da749726f4f8be988fe6df8d195a7 /srv/src/http/tpl/load-csrf.html
parent	88ebaeda8f02e2c89dac44809fffb1f9ebb71bd0 (diff)