diff options
author | Daniel Schadt <kingdread@gmx.de> | 2022-12-05 23:26:12 +0100 |
---|---|---|
committer | Daniel Schadt <kingdread@gmx.de> | 2022-12-05 23:26:12 +0100 |
commit | 019ca1100b09bd98c27ec90998906e21d360ae0a (patch) | |
tree | 352dc8fbdbee5e30d02a12020a7156fb8db70c2a | |
parent | a95a9768135bcaaa856a7cca98409a49250c96fa (diff) | |
download | fietsboek-019ca1100b09bd98c27ec90998906e21d360ae0a.tar.gz fietsboek-019ca1100b09bd98c27ec90998906e21d360ae0a.tar.bz2 fietsboek-019ca1100b09bd98c27ec90998906e21d360ae0a.zip |
fix CSRF issue for account creation
We forgot to include the CSRF token here.
-rw-r--r-- | fietsboek/templates/create_account.jinja2 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fietsboek/templates/create_account.jinja2 b/fietsboek/templates/create_account.jinja2 index 17f96a9..d7b4177 100644 --- a/fietsboek/templates/create_account.jinja2 +++ b/fietsboek/templates/create_account.jinja2 @@ -1,8 +1,10 @@ {% extends "layout.jinja2" %} +{% import "util.jinja2" as util with context %} {% block content %} <div class="container"> <h1>{{ _("page.create_account.title") }}</h1> <form method="POST" action="{{ request.route_path('create-account') }}" class="needs-validation" novalidate> + {{ util.hidden_csrf_input() }} <div class="row mb-3 justify-content-center"> <div class="col-lg-5"> <div class="form-floating"> |