feat: implement CSRF protection across forms and routes

2026-05-09 22:09:19 +02:00
parent a714c53a07
commit e445a5eaf4
14 changed files with 147 additions and 8 deletions
--- a/crates/adapters/template-askama/templates/diary.html
+++ b/crates/adapters/template-askama/templates/diary.html
@@ -30,6 +30,7 @@
      {% if let Some(uid) = ctx.user_id %}
        {% if *uid == entry.review().user_id().value() %}
        <form method="post" action="/reviews/{{ entry.review().id().value() }}/delete" class="delete-form">
+          <input type="hidden" name="_csrf" value="{{ ctx.csrf_token }}">
          <button type="submit">Delete</button>
        </form>
        {% endif %}