add csrf check
This commit is contained in:
kenneth
@@ -4,6 +4,7 @@
|
||||
<h1>登录</h1>
|
||||
<div class="col-sm-4 py-md-5">
|
||||
<form action="/login" method="post">
|
||||
{{ .CSRFField }}
|
||||
<div class="form-group">
|
||||
<div class="input-group">
|
||||
<div class="input-group-prepend">
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
<h1>注册</h1>
|
||||
<div class="col-sm-4 py-md-5">
|
||||
<form action="/register" method="post">
|
||||
{{ .CSRFField }}
|
||||
<div class="form-group">
|
||||
<div class="input-group">
|
||||
<div class="input-group-prepend">
|
||||
|
||||
@@ -7,6 +7,7 @@
|
||||
</div>
|
||||
<div class="col-sm-6 py-md-5 flex flex-column justify-content">
|
||||
<form action="/me/videos/update" method="post">
|
||||
{{ .CSRFField }}
|
||||
{{if .ID}}
|
||||
<div class="form-group">
|
||||
<div class="input-group">
|
||||
|
||||
@@ -35,6 +35,9 @@
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
<div class="hidden">
|
||||
{{ .CSRFField }}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@@ -44,9 +47,13 @@
|
||||
let that = $(this)
|
||||
that.attr("disable", true).html('转码中...')
|
||||
let id = that.attr("data-id")
|
||||
let csrfToken = $('input[name="gorilla.csrf.Token"]').val()
|
||||
$.ajax({
|
||||
url: '/transfer/' + id,
|
||||
type: 'post',
|
||||
headers: {
|
||||
"X-CSRF-Token": csrfToken
|
||||
},
|
||||
success: function (obj) {
|
||||
$('#msg').html(obj)
|
||||
},
|
||||
@@ -59,9 +66,13 @@
|
||||
let that = $(this)
|
||||
that.attr("disable", true).html('删除中...')
|
||||
let id = that.attr("data-id")
|
||||
let csrfToken = $('input[name="gorilla.csrf.Token"]').val()
|
||||
$.ajax({
|
||||
url: '/me/videos/delete',
|
||||
type: 'post',
|
||||
headers: {
|
||||
"X-CSRF-Token": csrfToken
|
||||
},
|
||||
contentType: 'application/json',
|
||||
dataType: 'json',
|
||||
data:JSON.stringify({"id": id}),
|
||||
|
||||
Reference in New Issue
Block a user