ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

webapp: add CSRF token to imaging Clear-all form

Browse Source 
The dashboard Clear-all button posts to /imaging/delete-all but the form
was missing the hidden _csrf_token input that the rest of the webapp's
POST forms include, so the endpoint would reject the request when CSRF
enforcement is active.
This commit is contained in:
cproudlock
2026-05-24 07:04:20 -04:00
parent 54dddaa760
commit b57ba0fb6f
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
webapp/templates/imaging.html
View File

@@ -29,6 +29,7 @@ window.addEventListener('DOMContentLoaded', scheduleImagingReload);
<form method="post" action="{{ url_for('imaging_delete_all') }}" <form method="post" action="{{ url_for('imaging_delete_all') }}"
onsubmit="return confirm('Clear all {{ sessions|length }} imaging session(s)? This wipes every tile from the dashboard. Live re-images will repopulate on next status push.');" onsubmit="return confirm('Clear all {{ sessions|length }} imaging session(s)? This wipes every tile from the dashboard. Live re-images will repopulate on next status push.');"
style="display:inline;"> style="display:inline;">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<button type="submit" class="btn btn-sm btn-outline-danger">Clear all</button> <button type="submit" class="btn btn-sm btn-outline-danger">Clear all</button>
</form> </form>
{% endif %} {% endif %}