Skip to content

F
flask-admin
Commit 8b30967e authored by Serge S. Koval's avatar Serge S. Koval
Browse files
Options

Fixed #372 and #366. Emit csrf_token when rendering forms if it is present

parent cdb4a411
Hide whitespace changes
Inline Side-by-side
Showing with 8 additions and 1 deletion
flask_admin/templates/admin/actions.html
View file @ 8b30967e
...@@ -12,6 +12,9 @@ ...@@ -12,6 +12,9 @@
{% macro form(actions, url) %} {% macro form(actions, url) %}
{% if actions %} {% if actions %}
<form id="action_form" action="{{ url }}" method="POST" style="display: none"> <form id="action_form" action="{{ url }}" method="POST" style="display: none">
{% if csrf_token %}
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
{% endif %}
<input type="hidden" id="action" name="action" /> <input type="hidden" id="action" name="action" />
</form> </form>
{% endif %} {% endif %}
......
flask_admin/templates/admin/lib.html
View file @ 8b30967e
...@@ -112,7 +112,11 @@ ...@@ -112,7 +112,11 @@
{% if form.hidden_tag is defined %} {% if form.hidden_tag is defined %}
{{ form.hidden_tag() }} {{ form.hidden_tag() }}
{% else %} {% else %}
{% for f in form if f.type == 'HiddenField' %}
{% if csrf_token %}
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
{% endif %}
{% for f in form if f.type == 'HiddenField' %}
{{ f }} {{ f }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment