summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-base/luasrc/view
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2015-10-06 15:53:35 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-06 15:56:35 +0200
commit5a6382171da2c941e17d050cd357629f40541cb6 (patch)
tree4595ef7f28df1118185618e228eb7587e0c4affd /modules/luci-base/luasrc/view
parentd0f15d980469386fbdee3ace19de44f29397cc3b (diff)
luci-base: add support for POST-only actions with CSRF token check
Add the dispatcher infrastructure to restrict certain routes to POST requests only in conjunction with verification of CSRF tokens. This is the first step to get rid of the CSRF token in the url in favor to tokens embedded in forms. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'modules/luci-base/luasrc/view')
-rw-r--r--modules/luci-base/luasrc/view/csrftoken.htm24
1 files changed, 24 insertions, 0 deletions
diff --git a/modules/luci-base/luasrc/view/csrftoken.htm b/modules/luci-base/luasrc/view/csrftoken.htm
new file mode 100644
index 0000000000..57ac03f3bf
--- /dev/null
+++ b/modules/luci-base/luasrc/view/csrftoken.htm
@@ -0,0 +1,24 @@
+<%#
+ Copyright 2015 Jo-Philipp Wich <jow@openwrt.org>
+ Licensed to the public under the Apache License 2.0.
+-%>
+
+<%+header%>
+
+<h2 name="content"><%:Form token mismatch%></h2>
+<br />
+
+<p class="alert-message"><%:The submitted security token is invalid or already expired!%></p>
+
+<p><%:
+ In order to prevent unauthorized access to the system, your request has
+ been blocked. Click "Continue »" below to return to the previous page.
+%></p>
+
+<hr />
+
+<p class="right">
+ <strong><a href="#" onclick="window.history.back();">Continue »</a></strong>
+</p>
+
+<%+footer%>