custom JS removed in favor of proper CSRF implementation

2026-06-21 18:22:21 +02:00
parent 86888b3877
commit db6b609937
25 changed files with 94 additions and 72 deletions
--- a/assets/views/auth/login.html
+++ b/assets/views/auth/login.html
@@ -30,6 +30,7 @@
      {% endif %}

      <form method="post" action="/login" hx-boost="false" class="mt-4 flex flex-col gap-4">
+        {{ ui::csrf_field() }}
        <div class="flex flex-col gap-1">
          <label for="email"
            class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
--- a/assets/views/auth/login_totp.html
+++ b/assets/views/auth/login_totp.html
@@ -28,6 +28,7 @@
      {% endif %}

      <form method="post" action="/login/totp" hx-boost="false" class="mt-4 flex flex-col gap-4">
+  {{ ui::csrf_field() }}
        <div class="flex flex-col gap-1">
          <label for="code"
            class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
--- a/assets/views/auth/register.html
+++ b/assets/views/auth/register.html
@@ -32,6 +32,7 @@

      <form method="post" action="/register" hx-boost="false" class="mt-4 flex flex-col gap-4"
        x-data="{ password: '', confirm: '' }">
+  {{ ui::csrf_field() }}
        <div class="flex flex-col gap-1.5">
          <span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</span>
          <div class="grid grid-cols-2 gap-2">
--- a/assets/views/auth/resend_verification.html
+++ b/assets/views/auth/resend_verification.html
@@ -24,6 +24,7 @@
      {% else %}
      <p class="mt-1 text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="resend-verification-intro", lang=lang | default(value='sk')) }}</p>
      <form method="post" action="/resend-verification" hx-boost="false" class="mt-4 flex flex-col gap-4">
+  {{ ui::csrf_field() }}
        <div class="flex flex-col gap-1">
          <label for="email" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="login-email", lang=lang | default(value='sk')) }}</label>
          {{ ui::input(name="email", id="email", type="email", required=true, autocomplete="email", attrs="autofocus") }}
--- a/assets/views/auth/set_password.html
+++ b/assets/views/auth/set_password.html
@@ -29,6 +29,7 @@
      {% endif %}

      <form method="post" action="/set-password" hx-boost="false" class="mt-4 flex flex-col gap-4">
+  {{ ui::csrf_field() }}
        <input type="hidden" name="token" value="{{ token }}">
        <div class="flex flex-col gap-1">
          <label for="password" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-new", lang=lang | default(value='sk')) }}</label>