authorPaul Duncan <pabs@pablotron.org>2016-05-21 13:05:20 -0400
committerPaul Duncan <pabs@pablotron.org>2016-05-21 13:05:20 -0400
commitb1d1a7c6c5c13c1496fa87a0eddaf4e724ecb299 (patch)
tree9ab1bac834199321fa6d3cb8568def02ed200cc6 /src/views
parent59e64495121447c988d6aef243b7b3c17cb5f483 (diff)
add csrf protection to login page
Diffstat (limited to 'src/views')
-rw-r--r--src/views/login-page.ecr6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/views/login-page.ecr b/src/views/login-page.ecr
index 9f2082a..e0404ce 100644
--- a/src/views/login-page.ecr
+++ b/src/views/login-page.ecr
@@ -75,6 +75,12 @@
Log In
</button>
</div><!-- form-group -->
+
+ <input
+ type='hidden'
+ name='csrf_token'
+ value='<%= h(get_csrf_token) %>'
+ />
</form>
</div><!-- panel-body -->
</div><!-- panel -->
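Review bot: The hidden `csrf_token` input added just before `</form>` only protects the login POST if the handler for this form rejects requests whose token is missing or does not match the one issued for the visitor's session. This page is limited to src/views, so that server-side check is not visible here and should be confirmed, ideally with a constant-time comparison and a fresh token issued once login succeeds. The value is placed in a single-quoted attribute, so it relies on `h` escaping `'` as well as `"`; if that is not guaranteed, `value="<%= h(get_csrf_token) %>"` is the safer form. A short marker in the file's existing style, such as `<!-- csrf_token: verified by the login POST handler -->`, would tell later editors not to move the field outside the form. The `<form>` element itself opens outside this hunk.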