Improve CSRF tokens and add to more forms.

author: Matthew Somerville <matthew@mysociety.org> 2016-06-15 20:14:51 +0100
committer: Matthew Somerville <matthew-github@dracos.co.uk> 2016-07-06 12:58:57 +0100
commit: 9d8ae07980bccd58e11acbc82e60b651ed20c181 (patch)
tree: ccfa198d3ec4bc0a0d903b8c59d89efa32c3ccc7 /perllib/FixMyStreet/App/Controller/Report.pm
parent: f0911da291b55801e69132a4d6f0a312089fdc18 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm
index b3e546c2c..89df4a52d 100644
--- a/perllib/FixMyStreet/App/Controller/Report.pm
+++ b/perllib/FixMyStreet/App/Controller/Report.pm
@@ -72,6 +72,7 @@ sub ajax : Path('ajax') : Args(1) {
 sub _display : Private {
     my ( $self, $c, $id ) = @_;
 
+    $c->forward('/auth/get_csrf_token');
     $c->forward( 'load_problem_or_display_error', [ $id ] );
     $c->forward( 'load_updates' );
     $c->forward( 'format_problem_for_display' );
@@ -249,6 +250,8 @@ users too about this change, at which point we can delete:
 sub delete :Local :Args(1) {
     my ( $self, $c, $id ) = @_;
 
+    $c->forward('/auth/check_csrf_token');
+
     $c->forward( 'load_problem_or_display_error', [ $id ] );
     my $p = $c->stash->{problem};
author	Matthew Somerville <matthew@mysociety.org>	2016-06-15 20:14:51 +0100
committer	Matthew Somerville <matthew-github@dracos.co.uk>	2016-07-06 12:58:57 +0100
commit	9d8ae07980bccd58e11acbc82e60b651ed20c181 (patch)
tree	ccfa198d3ec4bc0a0d903b8c59d89efa32c3ccc7 /perllib/FixMyStreet/App/Controller/Report.pm
parent	f0911da291b55801e69132a4d6f0a312089fdc18 (diff)