Merge pull request #120 from watercrossing/POSTFix

Declare forms to use method="POST" explicitly
2024-09-16 02:52:31 -04:00 · 2014-11-28 11:11:18 +00:00 · 2014-11-28 11:11:18 +00:00 · 793763f206
commit 793763f206
parent 20a5ad6e27 9d71073a5c
5 changed files with 7 additions and 5 deletions
--- a/services/web/app/views/user/login.jade
+++ b/services/web/app/views/user/login.jade
@ -8,7 +8,7 @@ block content
 					.card
 						.page-header
 							h1 #{translate("log_in")}
-						form(async-form="login", name="loginForm", action='/login', ng-cloak)
+						form(async-form="login", name="loginForm", action='/login', method="POST", ng-cloak)
 							input(name='_csrf', type='hidden', value=csrfToken)
 							input(name='redir', type='hidden', value=redir)
 							form-messages(for="loginForm")
--- a/services/web/app/views/user/passwordReset.jade
+++ b/services/web/app/views/user/passwordReset.jade
@ -13,6 +13,7 @@ block content
 							async-form="password-reset-request",
 							name="passwordResetForm"
 							action="/user/password/reset",
+							method="POST",
 							ng-cloak
 						)
 							input(type="hidden", name="_csrf", value=csrfToken)
--- a/services/web/app/views/user/register.jade
+++ b/services/web/app/views/user/register.jade
@ -20,7 +20,7 @@ block content
 					.card
 						.page-header
 							h1 #{translate("register")}
-						form(async-form="register", name="registerForm", action="/register", ng-cloak)
+						form(async-form="register", name="registerForm", action="/register", method="POST", ng-cloak)
 							input(name='_csrf', type='hidden', value=csrfToken)
 							input(name='redir', type='hidden', value=redir)
 							form-messages(for="registerForm")
--- a/services/web/app/views/user/setPassword.jade
+++ b/services/web/app/views/user/setPassword.jade
@ -12,6 +12,7 @@ block content
 							async-form="password-reset",
 							name="passwordResetForm",
 							action="/user/password/set",
+							method="POST",
 							ng-cloak
 						)
 							input(type="hidden", name="_csrf", value=csrfToken)
@ -41,4 +42,4 @@ block content
 								button.btn.btn-primary(
 									type='submit',
 									ng-disabled="passwordResetForm.$invalid"
-								) #{translate("set_new_password")}
+								) #{translate("set_new_password")}
--- a/services/web/app/views/user/settings.jade
+++ b/services/web/app/views/user/settings.jade
@ -17,7 +17,7 @@ block content
 								.row
 									.col-md-5
 										h3  #{translate("update_account_info")}
-										form(async-form="settings", name="settingsForm", action="/user/settings", novalidate)
+										form(async-form="settings", name="settingsForm", method="POST", action="/user/settings", novalidate)
 											input(type="hidden", name="_csrf", value=csrfToken)
 											.form-group
 												label(for='email')  #{translate("email")}
@ -54,7 +54,7 @@ block content

 									.col-md-5.col-md-offset-1
 										h3  #{translate("change_password")}
-										form(async-form="changepassword", name="changePasswordForm", action="/user/password/update", novalidate)
+										form(async-form="changepassword", name="changePasswordForm", action="/user/password/update", method="POST", novalidate)
 											input(type="hidden", name="_csrf", value=csrfToken)
 											.form-group
 												label(for='currentPassword') #{translate("current_password")}