Fix master merge template/forms to include CSRF token
This commit is contained in:
parent
2fbf719d61
commit
113f474e8b
|
@ -56,6 +56,7 @@
|
|||
<%def name="grid_tools()">
|
||||
% if master.mergeable and request.has_perm('{}.merge'.format(permission_prefix)):
|
||||
${h.form(url('{}.merge'.format(route_prefix)), name='merge-things')}
|
||||
${h.csrf_token(request)}
|
||||
${h.hidden('uuids')}
|
||||
<button type="submit">Merge 2 ${model_title_plural}</button>
|
||||
${h.end_form()}
|
||||
|
|
|
@ -132,6 +132,7 @@
|
|||
</table>
|
||||
|
||||
${h.form(request.current_route_url(), class_='merge')}
|
||||
${h.csrf_token(request)}
|
||||
<div class="buttons">
|
||||
${h.hidden('uuids', value='{},{}'.format(object_to_remove.uuid, object_to_keep.uuid))}
|
||||
<a class="button" href="${index_url}">Whoops, nevermind</a>
|
||||
|
|
Loading…
Reference in a new issue