mirror of
https://github.com/neocities/neocities.git
synced 2025-04-24 17:22:35 +02:00
no csrf_token for create
parent
2f0f5c2c01
commit
f4fcf94b1a
2 changed files with 3 additions and 2 deletions
4
app.rb
4
app.rb
|
@ -69,6 +69,8 @@ def redirect_to_internet_archive_for_geocities_sites
|
|||
end
|
||||
end
|
||||
|
||||
WHITELISTED_POST_PATHS = ['/create_validate_all', '/create_validate', '/create'].freeze
|
||||
|
||||
before do
|
||||
if request.path.match /^\/api\//i
|
||||
@api = true
|
||||
|
@ -83,7 +85,7 @@ before do
|
|||
redirect '/tutorial/html/1'
|
||||
else
|
||||
content_type :html, 'charset' => 'utf-8'
|
||||
redirect '/' if request.post? && !csrf_safe?
|
||||
redirect '/' if request.post? && !WHITELISTED_POST_PATHS.include?(request.path_info) && !csrf_safe?
|
||||
end
|
||||
|
||||
if params[:page]
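Review bot: The `before` filter now skips `csrf_safe?` for every POST to the three paths in `WHITELISTED_POST_PATHS`, and nothing visible in these hunks replaces that check, so those handlers will accept cross-site form submissions. Whether `/create` starts a session for the new account is not visible here; if it does, a forged signup could leave a visitor signed in to an account they did not create, so the handler should compensate, for example by rejecting requests whose `Origin` header names another site. The constant also needs a comment stating why these paths are exempt, and a name that says what it exempts, e.g. `CSRF_EXEMPT_POST_PATHS = ['/create_validate_all', '/create_validate', '/create'].freeze`. The exact match on `request.path_info` fails closed for any variant spelling of a path, which is the right direction. The `before` block begins and ends outside the hunks shown.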
|
||||
|
|
|
@ -91,7 +91,6 @@
|
|||
</div>
|
||||
<% else %>
|
||||
<form id="createSiteForm" class="signup-Form" onsubmit="return false">
|
||||
<input type="hidden" name="csrf_token" value="<%= csrf_token %>">
|
||||
<input type="hidden" name="is_education" value="false">
|
||||
<fieldset class="content">
|
||||
<h2 class="gamma">Sign up for free</h2>
|
||||
|
|