summaryrefslogtreecommitdiff
path: root/srv/src/http/tpl
diff options
context:
space:
mode:
authorBrian Picciano <mediocregopher@gmail.com>2022-05-24 17:42:00 -0600
committerBrian Picciano <mediocregopher@gmail.com>2022-05-24 17:42:00 -0600
commit08811a6da78c3f1f973b8f50a337ff4dc4ed9e2c (patch)
tree3fc8fa9025dbdc8099ea145e232f8b25547204b5 /srv/src/http/tpl
parent159638084e167047b86fd65382f50cd099d4eb48 (diff)
Replace CSRF token checking with Referer checking
Diffstat (limited to 'srv/src/http/tpl')
-rw-r--r--srv/src/http/tpl/assets.html6
-rw-r--r--srv/src/http/tpl/edit-post.html4
-rw-r--r--srv/src/http/tpl/load-csrf.html13
-rw-r--r--srv/src/http/tpl/posts.html5
4 files changed, 0 insertions, 28 deletions
diff --git a/srv/src/http/tpl/assets.html b/srv/src/http/tpl/assets.html
index 86e0ba5..41d470c 100644
--- a/srv/src/http/tpl/assets.html
+++ b/srv/src/http/tpl/assets.html
@@ -1,7 +1,5 @@
{{ define "body" }}
-{{ $csrfFormInput := .CSRFFormInput }}
-
<h2>Upload Asset</h2>
<p>
@@ -10,7 +8,6 @@
</p>
<form action="{{ BlogURL "assets/" }}" method="POST" enctype="multipart/form-data">
- {{ $csrfFormInput }}
<div class="row">
<div class="four columns">
<input type="text" placeholder="Unique ID" name="id" />
@@ -37,7 +34,6 @@
method="POST"
style="margin-bottom: 0;"
>
- {{ $csrfFormInput }}
<input type="submit" value="Delete" />
</form>
</td>
@@ -46,8 +42,6 @@
</table>
-{{ template "load-csrf.html" . }}
-
{{ end }}
{{ template "base.html" . }}
diff --git a/srv/src/http/tpl/edit-post.html b/srv/src/http/tpl/edit-post.html
index 48af882..1a81df4 100644
--- a/srv/src/http/tpl/edit-post.html
+++ b/srv/src/http/tpl/edit-post.html
@@ -2,8 +2,6 @@
<form method="POST" action="{{ BlogURL "posts/" }}">
- {{ .CSRFFormInput }}
-
<div class="row">
<div class="columns six">
@@ -99,8 +97,6 @@
</form>
- {{ template "load-csrf.html" . }}
-
{{ end }}
{{ template "base.html" . }}
diff --git a/srv/src/http/tpl/load-csrf.html b/srv/src/http/tpl/load-csrf.html
deleted file mode 100644
index b0757f9..0000000
--- a/srv/src/http/tpl/load-csrf.html
+++ /dev/null
@@ -1,13 +0,0 @@
-<script async type="module" src="{{ StaticURL "api.js" }}"></script>
-
-<script type="text/javascript">
- (async () => {
- const api = await import("{{ StaticURL "api.js" }}");
- const res = await api.call("/api/csrf");
-
- const els = document.getElementsByClassName("csrfHiddenInput");
- for (let i = 0; i < els.length; i++) {
- els[i].value = res.CSRFToken;
- }
- })();
-</script>
diff --git a/srv/src/http/tpl/posts.html b/srv/src/http/tpl/posts.html
index 0609ff6..885018d 100644
--- a/srv/src/http/tpl/posts.html
+++ b/srv/src/http/tpl/posts.html
@@ -18,8 +18,6 @@
{{ define "body" }}
- {{ $csrfFormInput := .CSRFFormInput }}
-
<p style="text-align: center;">
<a href="{{ BlogURL "posts/" }}?edit">
<button>New Post</button>
@@ -44,7 +42,6 @@
action="{{ PostURL .ID }}?method=delete"
method="POST"
>
- {{ $csrfFormInput }}
<input type="submit" value="Delete" />
</form>
</td>
@@ -55,8 +52,6 @@
{{ template "posts-nextprev" . }}
- {{ template "load-csrf.html" . }}
-
{{ end }}
{{ template "base.html" . }}