Merge pull request #120 from watercrossing/POSTFix

Declare forms to use method="POST" explicitly
This commit is contained in:
James Allen 2014-11-28 11:11:18 +00:00
commit 793763f206
5 changed files with 7 additions and 5 deletions

View file

@ -8,7 +8,7 @@ block content
.card
.page-header
h1 #{translate("log_in")}
form(async-form="login", name="loginForm", action='/login', ng-cloak)
form(async-form="login", name="loginForm", action='/login', method="POST", ng-cloak)
input(name='_csrf', type='hidden', value=csrfToken)
input(name='redir', type='hidden', value=redir)
form-messages(for="loginForm")

View file

@ -13,6 +13,7 @@ block content
async-form="password-reset-request",
name="passwordResetForm"
action="/user/password/reset",
method="POST",
ng-cloak
)
input(type="hidden", name="_csrf", value=csrfToken)

View file

@ -20,7 +20,7 @@ block content
.card
.page-header
h1 #{translate("register")}
form(async-form="register", name="registerForm", action="/register", ng-cloak)
form(async-form="register", name="registerForm", action="/register", method="POST", ng-cloak)
input(name='_csrf', type='hidden', value=csrfToken)
input(name='redir', type='hidden', value=redir)
form-messages(for="registerForm")

View file

@ -12,6 +12,7 @@ block content
async-form="password-reset",
name="passwordResetForm",
action="/user/password/set",
method="POST",
ng-cloak
)
input(type="hidden", name="_csrf", value=csrfToken)
@ -41,4 +42,4 @@ block content
button.btn.btn-primary(
type='submit',
ng-disabled="passwordResetForm.$invalid"
) #{translate("set_new_password")}
) #{translate("set_new_password")}

View file

@ -17,7 +17,7 @@ block content
.row
.col-md-5
h3 #{translate("update_account_info")}
form(async-form="settings", name="settingsForm", action="/user/settings", novalidate)
form(async-form="settings", name="settingsForm", method="POST", action="/user/settings", novalidate)
input(type="hidden", name="_csrf", value=csrfToken)
.form-group
label(for='email') #{translate("email")}
@ -54,7 +54,7 @@ block content
.col-md-5.col-md-offset-1
h3 #{translate("change_password")}
form(async-form="changepassword", name="changePasswordForm", action="/user/password/update", novalidate)
form(async-form="changepassword", name="changePasswordForm", action="/user/password/update", method="POST", novalidate)
input(type="hidden", name="_csrf", value=csrfToken)
.form-group
label(for='currentPassword') #{translate("current_password")}