author | Brian Picciano <mediocregopher@gmail.com> | 2022-05-24 17:42:00 -0600 |
committer | Brian Picciano <mediocregopher@gmail.com> | 2022-05-24 17:42:00 -0600 |
commit | 08811a6da78c3f1f973b8f50a337ff4dc4ed9e2c (patch) | |
tree | 3fc8fa9025dbdc8099ea145e232f8b25547204b5 /srv/src/http/tpl | |
parent | 159638084e167047b86fd65382f50cd099d4eb48 (diff) |
Replace CSRF token checking with Referer checking
Diffstat (limited to 'srv/src/http/tpl')
-rw-r--r-- | srv/src/http/tpl/assets.html | 6 | ||||
-rw-r--r-- | srv/src/http/tpl/edit-post.html | 4 | ||||
-rw-r--r-- | srv/src/http/tpl/load-csrf.html | 13 | ||||
-rw-r--r-- | srv/src/http/tpl/posts.html | 5 |
4 files changed, 0 insertions, 28 deletions
diff --git a/srv/src/http/tpl/assets.html b/srv/src/http/tpl/assets.html
index 86e0ba5..41d470c 100644
--- a/srv/src/http/tpl/assets.html
+++ b/srv/src/http/tpl/assets.html
@@ -1,7 +1,5 @@
 {{ define "body" }}
-{{ $csrfFormInput := .CSRFFormInput }}
-
 <h2>Upload Asset</h2>
 <p>
@@ -10,7 +8,6 @@
 </p>
 <form action="{{ BlogURL "assets/" }}" method="POST" enctype="multipart/form-data">
- {{ $csrfFormInput }}
 <div class="row">
 <div class="four columns">
 <input type="text" placeholder="Unique ID" name="id" />
@@ -37,7 +34,6 @@
 method="POST"
 style="margin-bottom: 0;"
 >
- {{ $csrfFormInput }}
 <input type="submit" value="Delete" />
 </form>
 </td>
@@ -46,8 +42,6 @@
 </table>
-{{ template "load-csrf.html" . }}
-
 {{ end }}
 {{ template "base.html" . }}
diff --git a/srv/src/http/tpl/edit-post.html b/srv/src/http/tpl/edit-post.html
index 48af882..1a81df4 100644
--- a/srv/src/http/tpl/edit-post.html
+++ b/srv/src/http/tpl/edit-post.html
@@ -2,8 +2,6 @@
 <form method="POST" action="{{ BlogURL "posts/" }}">
- {{ .CSRFFormInput }}
-
 <div class="row">
 <div class="columns six">
@@ -99,8 +97,6 @@
 </form>
- {{ template "load-csrf.html" . }}
-
 {{ end }}
 {{ template "base.html" . }}
diff --git a/srv/src/http/tpl/load-csrf.html b/srv/src/http/tpl/load-csrf.html
deleted file mode 100644
index b0757f9..0000000
--- a/srv/src/http/tpl/load-csrf.html
+++ /dev/null
@@ -1,13 +0,0 @@
-<script async type="module" src="{{ StaticURL "api.js" }}"></script>
-
-<script type="text/javascript">
- (async () => {
- const api = await import("{{ StaticURL "api.js" }}");
- const res = await api.call("/api/csrf");
-
- const els = document.getElementsByClassName("csrfHiddenInput");
- for (let i = 0; i < els.length; i++) {
- els[i].value = res.CSRFToken;
- }
- })();
-</script>
diff --git a/srv/src/http/tpl/posts.html b/srv/src/http/tpl/posts.html
index 0609ff6..885018d 100644
--- a/srv/src/http/tpl/posts.html
+++ b/srv/src/http/tpl/posts.html
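Review bot: Dropping the hidden `{{ $csrfFormInput }}` from the upload form in the `@@ -10,7 +8,6 @@` hunk of assets.html (and equally from the delete form in its `@@ -37,7 +34,6 @@` hunk, the post form in edit-post.html and the delete form in posts.html) leaves these state-changing POSTs protected only by the server-side Referer check named in the commit title, which is not part of this diff. A Referer check is only sound if the server rejects a request whose Referer is missing as well as one from a foreign origin, and compares the full origin rather than a string prefix; the `Origin` header, which browsers attach to cross-site form POSTs, is the more reliable value to compare alongside it. Because a `Referrer-Policy: no-referrer` response header or a `<meta name="referrer">` tag would strip the header on same-origin submissions too, the shared `base.html` these pages pull in via `{{ template "base.html" . }}` must not emit either, or every form submission will be rejected as forged. Suggest a template comment above each affected `<form>`, e.g. `<!-- CSRF: no token field; the server validates the Referer/Origin of this POST -->`, so the missing input is not mistaken for an oversight later.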
@@ -18,8 +18,6 @@
 {{ define "body" }}
- {{ $csrfFormInput := .CSRFFormInput }}
-
 <p style="text-align: center;">
 <a href="{{ BlogURL "posts/" }}?edit">
 <button>New Post</button>
@@ -44,7 +42,6 @@
 action="{{ PostURL .ID }}?method=delete"
 method="POST"
 >
- {{ $csrfFormInput }}
 <input type="submit" value="Delete" />
 </form>
 </td>
@@ -55,8 +52,6 @@
 {{ template "posts-nextprev" . }}
- {{ template "load-csrf.html" . }}
-
 {{ end }}
 {{ template "base.html" . }}