feat: implement CSRF protection across forms and routes

2026-05-09 22:09:19 +02:00
parent a714c53a07
commit e445a5eaf4
14 changed files with 147 additions and 8 deletions


@@ -17,6 +17,7 @@
<a href="{{ actor.url }}" target="_blank" rel="noopener noreferrer">{{ actor.url }}</a>
<form method="POST" action="/users/{{ user_id }}/unfollow" style="display:inline">
<input type="hidden" name="actor_url" value="{{ actor.url }}">
<input type="hidden" name="_csrf" value="{{ ctx.csrf_token }}">
<button type="submit">Unfollow</button>
</form>
</li>
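Review bot: The added `<input type="hidden" name="_csrf" value="{{ ctx.csrf_token }}">` only protects the unfollow POST if every handler that renders this template populates `ctx.csrf_token`. A missing or empty value would render `value=""`, so the server-side check (not visible in this hunk) needs to fail closed on an absent or empty `_csrf` and compare it against the session-bound token in constant time. The same field is presumably repeated in the other forms this commit touches, so a shared partial or macro would keep the field name from drifting between templates. Separately, on the context line above, `href="{{ actor.url }}"` appears to carry a remote-supplied URL, and HTML autoescaping does not restrict the scheme, so confirm it is limited to `http`/`https` before it is rendered. The enclosing list item and loop start outside the hunk.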