Added CSRF protection

2026-03-09 17:15:14 +01:00
parent 96214378d6
commit 99a1f2c5ab
4 changed files with 71 additions and 2 deletions
--- a/views/pages/admin.twig
+++ b/views/pages/admin.twig
@@ -32,6 +32,10 @@
                <a href="/admin/edit/{{ post.id }}" class="btn btn-sm btn-secondary">Éditer</a>

                <form method="post" action="/admin/delete/{{ post.id }}" style="display:inline;">
+                    {# Tokens CSRF #}
+                    <input type="hidden" name="{{ csrf.keys.name }}" value="{{ csrf.name }}">
+                    <input type="hidden" name="{{ csrf.keys.value }}" value="{{ csrf.value }}">
+
                    <button type="submit" class="btn btn-sm btn-danger"
                        onclick="return confirm('Supprimer cet article ?')">
                        Supprimer