Improve CSRF tokens and add to more forms.

author: Matthew Somerville <matthew@mysociety.org> 2016-06-15 20:14:51 +0100
committer: Matthew Somerville <matthew-github@dracos.co.uk> 2016-06-20 18:13:04 +0100
commit: 4deacd970890447947704692d55bea0a2b3d14ec (patch)
tree: 3bc517215313b522a6bb649d155e90705b137e6d /perllib/FixMyStreet/App/Controller/Report.pm
parent: 99a5a6bb34da2afacb25b7348e5a4e1d5a913eb8 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm
index b3e546c2c..89df4a52d 100644
--- a/perllib/FixMyStreet/App/Controller/Report.pm
+++ b/perllib/FixMyStreet/App/Controller/Report.pm
@@ -72,6 +72,7 @@ sub ajax : Path('ajax') : Args(1) {
 sub _display : Private {
     my ( $self, $c, $id ) = @_;
 
+    $c->forward('/auth/get_csrf_token');
     $c->forward( 'load_problem_or_display_error', [ $id ] );
     $c->forward( 'load_updates' );
     $c->forward( 'format_problem_for_display' );
@@ -249,6 +250,8 @@ users too about this change, at which point we can delete:
 sub delete :Local :Args(1) {
     my ( $self, $c, $id ) = @_;
 
+    $c->forward('/auth/check_csrf_token');
+
     $c->forward( 'load_problem_or_display_error', [ $id ] );
     my $p = $c->stash->{problem};
author	Matthew Somerville <matthew@mysociety.org>	2016-06-15 20:14:51 +0100
committer	Matthew Somerville <matthew-github@dracos.co.uk>	2016-06-20 18:13:04 +0100
commit	4deacd970890447947704692d55bea0a2b3d14ec (patch)
tree	3bc517215313b522a6bb649d155e90705b137e6d /perllib/FixMyStreet/App/Controller/Report.pm
parent	99a5a6bb34da2afacb25b7348e5a4e1d5a913eb8 (diff)