Enable csrf protection

2025-08-04 13:17:50 +02:00 · 2023-10-28 13:56:43 +02:00
parent ec8684dbc0
commit 03fc82c38d
3 changed files with 4 additions and 4 deletions
--- a/ram/portal/templates/includes/search.html
+++ b/ram/portal/templates/includes/search.html
@@ -1,4 +1,4 @@
-          <form class="d-flex needs-validation" action="{% url 'search' %}" method="post" novalidate>
+          <form class="d-flex needs-validation" action="{% url 'search' %}" method="post" novalidate>{% csrf_token %}
            <div class="input-group has-validation">
              <input class="form-control" type="search" list="datalistOptions" placeholder="Search" aria-label="Search" name="search" id="searchValidation" required>
              <datalist id="datalistOptions">
--- a/ram/ram/init.py
+++ b/ram/ram/init.py
@@ -1,4 +1,4 @@
 from ram.utils import git_suffix

-__version__ = "0.9.2"
+__version__ = "0.9.3"
 __version__ += git_suffix(__file__)
--- a/ram/ram/settings.py
+++ b/ram/ram/settings.py
@@ -49,7 +49,7 @@ INSTALLED_APPS = [
    "rest_framework",
    "ram",
    "portal",
-    # "driver",
+    # "driver",  # uncomment this to enable the "driver" API
    "metadata",
    "roster",
    "consist",
@@ -60,7 +60,7 @@ MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
-    # 'django.middleware.csrf.CsrfViewMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",