Added CSRF protection

2026-03-09 17:15:14 +01:00
parent 96214378d6
commit 99a1f2c5ab
4 changed files with 71 additions and 2 deletions
--- a/views/pages/admin.twig
+++ b/views/pages/admin.twig
@@ -32,6 +32,10 @@
                <a href="/admin/edit/{{ post.id }}" class="btn btn-sm btn-secondary">Éditer</a>

                <form method="post" action="/admin/delete/{{ post.id }}" style="display:inline;">
+                    {# Tokens CSRF #}
+                    <input type="hidden" name="{{ csrf.keys.name }}" value="{{ csrf.name }}">
+                    <input type="hidden" name="{{ csrf.keys.value }}" value="{{ csrf.value }}">
+
                    <button type="submit" class="btn btn-sm btn-danger"
                        onclick="return confirm('Supprimer cet article ?')">
                        Supprimer
--- a/views/pages/post_form.twig
+++ b/views/pages/post_form.twig
@@ -20,6 +20,10 @@ Créer un article

 {# Formulaire identifié pour le script JavaScript #}
 <form id="articleForm" method="post" action="{{ action }}">
+    {# Tokens CSRF #}
+    <input type="hidden" name="{{ csrf.keys.name }}" value="{{ csrf.name }}">
+    <input type="hidden" name="{{ csrf.keys.value }}" value="{{ csrf.value }}">
+
    <p>
        <label for="title">Titre<br>
            <input type="text" id="title" name="title" value="{{ post.title|default('') }}" required maxlength="255">