aboutsummaryrefslogtreecommitdiff
path: root/src/main/resources/templates/views
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2022-12-20 02:21:22 +0300
committerGravatar Vitaly Takmazov2022-12-20 02:21:22 +0300
commitf0e10dc93f400e8ba979760a1c7af9d6e53cd1ef (patch)
treef5acdbc7137bcb2622fc0bac4512649e9fa3d1a0 /src/main/resources/templates/views
parent95b44e16a48c32b7e78a42cacb7a1dbaa41ce272 (diff)
Do not use multipart forms where possible
* Pass csrf token as parameter to multipart form
Diffstat (limited to 'src/main/resources/templates/views')
-rw-r--r--src/main/resources/templates/views/settings_about.html3
-rw-r--r--src/main/resources/templates/views/settings_main.html10
2 files changed, 6 insertions, 7 deletions
diff --git a/src/main/resources/templates/views/settings_about.html b/src/main/resources/templates/views/settings_about.html
index 94cd9058..846a3d11 100644
--- a/src/main/resources/templates/views/settings_about.html
+++ b/src/main/resources/templates/views/settings_about.html
@@ -1,8 +1,7 @@
{% extends "layouts/default" %}
{% block content %}
<article>
- <form action="/settings" method="POST" enctype="multipart/form-data">
- <input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
+ <form action="/settings?{{_csrf.parameterName}}={{_csrf.token}}" method="POST" enctype="multipart/form-data">
<p>Full name: <input type="text" name="fullname" value="{{ userinfo.fullName }}"/></p>
<p>Country: <input type="text" name="country" value="{{ userinfo.country }}"/></p>
<p>URL: <input type="text" name="url" value="{{ userinfo.url }}" size="32"/><br/>
diff --git a/src/main/resources/templates/views/settings_main.html b/src/main/resources/templates/views/settings_main.html
index a0315244..c819177e 100644
--- a/src/main/resources/templates/views/settings_main.html
+++ b/src/main/resources/templates/views/settings_main.html
@@ -5,7 +5,7 @@
{%if not visitor.verified %}
<h2 style="color: red; padding: 20px;">Verify your account by adding email or social account</h2>
{% endif %}
- <form action="/settings" method="POST" enctype="multipart/form-data">
+ <form action="/settings" method="POST">
<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
<fieldset>
<legend>Notification options</legend>
@@ -35,7 +35,7 @@
{% endif %}
</fieldset>
{% if jids | length > 0 %}
- <form action="/settings" method="POST" enctype="multipart/form-data">
+ <form action="/settings" method="POST">
<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
<fieldset>
<legend style="background: url(//static.juick.com/settings/xmpp.png) no-repeat; padding-left: 58px; line-height: 48px;">
@@ -65,7 +65,7 @@
<legend style="background: url(//static.juick.com/settings/email.png) no-repeat; padding-left: 58px; line-height: 48px;">
E-mail
</legend>
- <form action="/settings" method="POST" enctype="multipart/form-data">
+ <form action="/settings" method="POST">
<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
<p>Add account:<br/>
<input type="text" name="account"/>
@@ -73,7 +73,7 @@
<input type="submit" value=" Add " class="Button" />
</p>
</form>
- <form action="/settings" method="POST" enctype="multipart/form-data">
+ <form action="/settings" method="POST">
<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
<p>Your accounts:</p>
<p>
@@ -91,7 +91,7 @@
</form>
{% if emails is not empty %}
<!--email_off-->
- <form action="/settings" method="POST" enctype="multipart/form-data">
+ <form action="/settings" method="POST">
<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
<p>You can receive notifications to email:<br/>
Sent to <select name="account">