From 159638084e167047b86fd65382f50cd099d4eb48 Mon Sep 17 00:00:00 2001
From: Brian Picciano <mediocregopher@gmail.com>
Date: Tue, 24 May 2022 17:27:03 -0600
Subject: Fix CSRF loading on static GET pages

---
 srv/src/http/tpl.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'srv/src/http/tpl.go')

diff --git a/srv/src/http/tpl.go b/srv/src/http/tpl.go
index 5c235a1..8654569 100644
--- a/srv/src/http/tpl.go
+++ b/srv/src/http/tpl.go
@@ -100,6 +100,7 @@ func (a *api) mustParseTpl(name string) *template.Template {
 
 func (a *api) mustParseBasedTpl(name string) *template.Template {
 	tpl := a.mustParseTpl(name)
+	tpl = template.Must(tpl.New("load-csrf.html").Parse(mustReadTplFile("load-csrf.html")))
 	tpl = template.Must(tpl.New("base.html").Parse(mustReadTplFile("base.html")))
 	return tpl
 }
@@ -111,8 +112,8 @@ type tplData struct {
 
 func (t tplData) CSRFFormInput() template.HTML {
 	return template.HTML(fmt.Sprintf(
-		`<input type="hidden" name="%s" value="%s" />`,
-		csrfTokenFormName, t.CSRFToken,
+		`<input type="hidden" name="%s" class="csrfHiddenInput" />`,
+		csrfTokenFormName,
 	))
 }
 
-- 
cgit v1.2.3