author | Brian Picciano <mediocregopher@gmail.com> | 2022-05-24 17:27:03 -0600 |
---|---|---|
committer | Brian Picciano <mediocregopher@gmail.com> | 2022-05-24 17:27:03 -0600 |
commit | 159638084e167047b86fd65382f50cd099d4eb48 (patch) | |
tree | d4653540894da749726f4f8be988fe6df8d195a7 /srv/src/http/tpl | |
parent | 88ebaeda8f02e2c89dac44809fffb1f9ebb71bd0 (diff) |
Fix CSRF loading on static GET pages
Diffstat (limited to 'srv/src/http/tpl')
-rw-r--r-- | srv/src/http/tpl/assets.html | 2 | ||||
-rw-r--r-- | srv/src/http/tpl/edit-post.html | 2 | ||||
-rw-r--r-- | srv/src/http/tpl/load-csrf.html | 13 | ||||
-rw-r--r-- | srv/src/http/tpl/posts.html | 3 |
4 files changed, 19 insertions, 1 deletions
diff --git a/srv/src/http/tpl/assets.html b/srv/src/http/tpl/assets.html
index aa5e422..86e0ba5 100644
--- a/srv/src/http/tpl/assets.html
+++ b/srv/src/http/tpl/assets.html
@@ -46,6 +46,8 @@
 </table>
+{{ template "load-csrf.html" . }}
+
 {{ end }}
 {{ template "base.html" . }}
diff --git a/srv/src/http/tpl/edit-post.html b/srv/src/http/tpl/edit-post.html
index 114369a..48af882 100644
--- a/srv/src/http/tpl/edit-post.html
+++ b/srv/src/http/tpl/edit-post.html
@@ -99,6 +99,8 @@
 </form>
+ {{ template "load-csrf.html" . }}
+
 {{ end }}
 {{ template "base.html" . }}
diff --git a/srv/src/http/tpl/load-csrf.html b/srv/src/http/tpl/load-csrf.html
new file mode 100644
index 0000000..b0757f9
--- /dev/null
+++ b/srv/src/http/tpl/load-csrf.html
@@ -0,0 +1,13 @@
+<script async type="module" src="{{ StaticURL "api.js" }}"></script>
+
+<script type="text/javascript">
+ (async () => {
+ const api = await import("{{ StaticURL "api.js" }}");
+ const res = await api.call("/api/csrf");
+
+ const els = document.getElementsByClassName("csrfHiddenInput");
+ for (let i = 0; i < els.length; i++) {
+ els[i].value = res.CSRFToken;
+ }
+ })();
+</script>
diff --git a/srv/src/http/tpl/posts.html b/srv/src/http/tpl/posts.html
index c3aad0c..0609ff6 100644
--- a/srv/src/http/tpl/posts.html
+++ b/srv/src/http/tpl/posts.html
@@ -20,7 +20,6 @@
 {{ $csrfFormInput := .CSRFFormInput }}
-
 <p style="text-align: center;">
 <a href="{{ BlogURL "posts/" }}?edit">
 <button>New Post</button>
@@ -56,6 +55,8 @@
 {{ template "posts-nextprev" . }}
+ {{ template "load-csrf.html" . }}
+
 {{ end }}
 {{ template "base.html" . }} |
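Review bot: Nothing at the include in assets.html records what load-csrf.html expects from the page: the script only fills elements carrying the class `csrfHiddenInput`, and it is only guaranteed to find them if they are already in the document when it runs, so the include has to stay below every form (as it does here after `</table>`, and in the matching hunks for edit-post.html and posts.html). A template comment on the include would keep a later reorder from silently leaving a form without a token, e.g. `{{/* keep after all forms: fills inputs with class csrfHiddenInput from /api/csrf */}}`. Whether the server still renders a usable token for clients without script is not visible in these hunks. The enclosing template block starts and ends outside the hunk.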
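Review bot: The async block in load-csrf.html has no failure path: if the import or `api.call("/api/csrf")` rejects, the rejection goes unhandled and the hidden inputs keep whatever value they had, and a response without `CSRFToken` is assigned as-is, so the user only learns of the problem when the POST is refused. Wrapping the body in try/catch and checking the token before writing it makes the failure visible and keeps a bad value out of the forms. Because the token now comes from a GET endpoint so that the pages themselves can be static, it is also worth confirming on the server side (not shown in this diff) that `/api/csrf` is sent with `Cache-Control: no-store` and cannot be read cross-origin with credentials.

```html
<!-- … unchanged: module preload <script async type="module"> line … -->
<script type="text/javascript">
  (async () => {
    const els = document.getElementsByClassName("csrfHiddenInput");
    try {
      const api = await import("{{ StaticURL "api.js" }}");
      const res = await api.call("/api/csrf");
      if (!res || typeof res.CSRFToken !== "string" || res.CSRFToken === "") {
        throw new Error("CSRF token missing from /api/csrf response");
      }
      for (let i = 0; i < els.length; i++) {
        els[i].value = res.CSRFToken;
      }
    } catch (err) {
      console.error("could not load CSRF token:", err);
    }
  })();
</script>
```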