don't use csrf_exempt everywhere

2020-01-29 12:24:50 -08:00
parent f031b46b20
commit 7882bfe1ef
6 changed files with 8 additions and 12 deletions
--- a/fedireads/templates/edit_user.html
+++ b/fedireads/templates/edit_user.html
@@ -6,7 +6,7 @@
        <form name="avatar" action="/edit_profile/" method="post" enctype="multipart/form-data">
            {% csrf_token %}
            {{ form.as_p }}
-            <button type="submit">Upload</button>
+            <button type="submit">Update profile</button>
        </form>
    </div>
 </div>
--- a/fedireads/templates/layout.html
+++ b/fedireads/templates/layout.html
@@ -27,6 +27,7 @@
                <div id="account">
                    {% if user.is_authenticated %}
                    <form name="logout" action="/logout/" method="post">
+                        {% csrf_token %}
                        Welcome, <a href="/user/{{ request.user.localname }}">{{ request.user.localname }}</a>
                        <input type="submit" value="Log out"></input>
                    </form>
--- a/fedireads/templates/login.html
+++ b/fedireads/templates/login.html
@@ -3,6 +3,7 @@
 <div id="content">
    <div>
        <form name="login" method="post">
+            {% csrf_token %}
            {{ login_form.as_p }}
            <button type="submit">Log in</button>
        </form>
--- a/fedireads/templates/register.html
+++ b/fedireads/templates/register.html
@@ -3,6 +3,7 @@
 <div id="content">
    <div>
        <form name="register" method="post">
+            {% csrf_token %}
            {{ register_form.as_p }}
            <button type="submit">Create account</button>
        </form>