Enforce CSRF check for acknowledging toasts

2025-08-08 03:08:29 +02:00 · 2022-05-20 16:51:50 +02:00
parent e14458f5cd
commit 117160ea87
4 changed files with 29 additions and 9 deletions
--- a/bookmarks/views/toasts.py
+++ b/bookmarks/views/toasts.py
@@ -7,7 +7,8 @@ from bookmarks.utils import get_safe_return_url


@login_required
-def acknowledge(request, toast_id: int):
+def acknowledge(request):
+    toast_id = request.POST['toast']
    try:
        toast = Toast.objects.get(pk=toast_id, owner=request.user)
    except Toast.DoesNotExist: