Enforce CSRF check for acknowledging toasts

2025-08-13 13:39:27 +02:00 · 2022-05-20 16:51:50 +02:00
parent e14458f5cd
commit 117160ea87
4 changed files with 29 additions and 9 deletions
--- a/bookmarks/templates/bookmarks/layout.html
+++ b/bookmarks/templates/bookmarks/layout.html
@@ -30,12 +30,15 @@
 <header>
    {% if has_toasts %}
    <div class="toasts container grid-lg">
+      <form action="{% url 'bookmarks:toasts.acknowledge' %}?return_url={{ request.path | urlencode }}" method="post">
+        {% csrf_token %}
        {% for toast in toast_messages %}
            <div class="toast">
                {{ toast.message }}
-                <a href="{% url 'bookmarks:toasts.acknowledge' toast.id %}?return_url={{ request.path | urlencode }}" class="btn btn-clear float-right"></a>
+                <button type="submit" name="toast" value="{{ toast.id }}" class="btn btn-clear float-right"></button>
            </div>
        {% endfor %}
+      </form>
    </div>
    {% endif %}
    <div class="navbar container grid-lg">