Disable csrf where user is not logged in; Show CSRF errors in forms.

author: Marian Sigler <m@qjym.de> 2012-09-28 03:12:52 +0200
committer: Marian Sigler <m@qjym.de> 2012-09-28 03:16:12 +0200
commit: 2676e1d7130160673c408987c4aeef83f9f57b6d (patch)
tree: 73937f3ae6d5d4f70157b213bdad9c65545200bc /templates/settings.html
parent: a9b2f0624d5f9095747e9c2a8518199375c5e815 (diff)
download: web-2676e1d7130160673c408987c4aeef83f9f57b6d.tar.gz
web-2676e1d7130160673c408987c4aeef83f9f57b6d.tar.bz2
web-2676e1d7130160673c408987c4aeef83f9f57b6d.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/settings.html b/templates/settings.html
index 4dacea9..3189d6a 100644
--- a/templates/settings.html
+++ b/templates/settings.html
@@ -1,5 +1,5 @@
 {%- extends 'base.html' %}
-{%- from '_macros.html' import render_field %}
+{%- from '_macros.html' import render_field, render_csrf %}
 {%- set title = 'Einstellungen' %}
 {%- block content %}
 <form action="{{ url_for('settings') }}" method="post" class="form-horizontal">
@@ -7,7 +7,7 @@
   {{ render_field(form.mail) }}
   {{ render_field(form.password) }}
   {{ render_field(form.password_confirm) }}
-  {{ form.csrf_token }}
+  {{ render_csrf(form) }}
   <div class="form-actions"><input type="submit" value="Speichern" name="submit_main" /></div>
 
   <!--
author	Marian Sigler <m@qjym.de>	2012-09-28 03:12:52 +0200
committer	Marian Sigler <m@qjym.de>	2012-09-28 03:16:12 +0200
commit	2676e1d7130160673c408987c4aeef83f9f57b6d (patch)
tree	73937f3ae6d5d4f70157b213bdad9c65545200bc /templates/settings.html
parent	a9b2f0624d5f9095747e9c2a8518199375c5e815 (diff)
download	web-2676e1d7130160673c408987c4aeef83f9f57b6d.tar.gz web-2676e1d7130160673c408987c4aeef83f9f57b6d.tar.bz2 web-2676e1d7130160673c408987c4aeef83f9f57b6d.zip