Improve CSRF tokens and add to more forms.

author: Matthew Somerville <matthew@mysociety.org> 2016-06-15 20:14:51 +0100
committer: Matthew Somerville <matthew-github@dracos.co.uk> 2016-07-06 12:58:57 +0100
commit: 9d8ae07980bccd58e11acbc82e60b651ed20c181 (patch)
tree: ccfa198d3ec4bc0a0d903b8c59d89efa32c3ccc7 /perllib/FixMyStreet/App/Controller/Alert.pm
parent: f0911da291b55801e69132a4d6f0a312089fdc18 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Alert.pm b/perllib/FixMyStreet/App/Controller/Alert.pm
index ddda02abd..b578fbbcc 100644
--- a/perllib/FixMyStreet/App/Controller/Alert.pm
+++ b/perllib/FixMyStreet/App/Controller/Alert.pm
@@ -36,6 +36,8 @@ sub index : Path('') : Args(0) {
 sub list : Path('list') : Args(0) {
     my ( $self, $c ) = @_;
 
+    $c->forward('/auth/get_csrf_token');
+
     return
       unless $c->forward('setup_request')
           && $c->forward('prettify_pc')
@@ -112,6 +114,8 @@ Sign up to email alerts
 sub subscribe_email : Private {
     my ( $self, $c ) = @_;
 
+    $c->forward('/auth/check_csrf_token');
+
     $c->stash->{errors} = [];
     $c->forward('process_user');
 
@@ -146,6 +150,8 @@ sub subscribe_email : Private {
 sub updates : Path('updates') : Args(0) {
     my ( $self, $c ) = @_;
 
+    $c->forward('/auth/get_csrf_token');
+
     $c->stash->{email} = $c->get_param('rznvy');
     $c->stash->{problem_id} = $c->get_param('id');
 }
author	Matthew Somerville <matthew@mysociety.org>	2016-06-15 20:14:51 +0100
committer	Matthew Somerville <matthew-github@dracos.co.uk>	2016-07-06 12:58:57 +0100
commit	9d8ae07980bccd58e11acbc82e60b651ed20c181 (patch)
tree	ccfa198d3ec4bc0a0d903b8c59d89efa32c3ccc7 /perllib/FixMyStreet/App/Controller/Alert.pm
parent	f0911da291b55801e69132a4d6f0a312089fdc18 (diff)