feat: implement CSRF protection across forms and routes

2026-05-09 22:09:19 +02:00
parent e8874f9220
commit d89d373a91
14 changed files with 147 additions and 8 deletions
--- a/crates/adapters/template-askama/templates/login.html
+++ b/crates/adapters/template-askama/templates/login.html
@@ -13,6 +13,7 @@
    Password<br>
    <input type="password" name="password" required autocomplete="current-password">
  </label>
+  <input type="hidden" name="_csrf" value="{{ ctx.csrf_token }}">
  <button type="submit">Login</button>
 </form>
 {% endblock %}