Commit 3739044a authored by Robin Sonnabend

Hide CSRFTokenFields from GET-Forms

Search Forms do not need CSRF tokens, and this way the (secret) token
does not end up in URLs people copy somewhere.
parent 49599e8b
......@@ -71,7 +71,7 @@ to not render a label for the CRSFTokenField -->
{% endfor %}
{%- endmacro %}
{% macro render_form_inner(field, labels_visible) -%}
{% macro render_form_inner(field, labels_visible, method) -%}
{% if field.type == 'BooleanField' %}
{{ render_checkbox_field(field) }}
{% elif field.type == 'RadioField' %}
......@@ -82,6 +82,10 @@ to not render a label for the CRSFTokenField -->
{% for f in field %}
{{render_form_inner(f, labels_visible=labels_visible)}}
{% endfor %}
{% elif field.type == 'CSRFTokenField' %}
{% if method != "GET" %}
{{ render_field(field, label_visible=labels_visible) }}
{% endif %}
{% else %}
{{ render_field(field, label_visible=labels_visible) }}
{% endif %}
......@@ -111,7 +115,7 @@ to not render a label for the CRSFTokenField -->
{{ caller() }}
{% else %}
{% for f in form %}
{{render_form_inner(f, labels_visible=labels_visible, textarea_rows=textarea_rows, **kwargs)}}
{{render_form_inner(f, labels_visible=labels_visible, textarea_rows=textarea_rows, method=method, **kwargs)}}
{% endfor %}
{% endif %}
<button type="submit" class="{{btn_class}}">{{action_text}}</button>
......
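Review bot: The recursive call for nested fields in the second hunk, `{{render_form_inner(f, labels_visible=labels_visible)}}`, does not forward `method`, so inside a sub-form `method` is undefined and, with Jinja's default undefined handling, `method != "GET"` evaluates true; a CSRFTokenField belonging to a nested form would presumably still be rendered into a GET form and end up in the URL. Forward it with `{{render_form_inner(f, labels_visible=labels_visible, method=method)}}`. The comparison is also case-sensitive, so a caller passing `method="get"` keeps the token in the query string; `{% if method|upper != "GET" %}` covers that and still renders the token when no method is given. The macro bodies and the signature of the macro that supplies `method` lie outside the visible hunks, so where `method` comes from and what it defaults to could not be checked here.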