codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2025-02-17 04:01:29 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

FIX: disable double submission which invalidates nonce

Browse source
This commit is contained in:
Sam 2016-09-04 16:05:25 +10:00
parent 340874d345
commit 39e6cbc442
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
app/views/user_api_keys/new.html.erb
View file

@ -20,8 +20,20 @@
<%= hidden_field_tag 'auth_redirect', @auth_redirect %>
<%= hidden_field_tag 'push_url', @push_url %>
<%= hidden_field_tag 'public_key', @public_key%>
<%= submit_tag t('user_api_key.authorize'), class: 'btn btn-danger' %>
<%= submit_tag t('user_api_key.authorize'), class: 'btn btn-danger', id: 'submit' %>
<% end %>
<script>
window.__submitted = false;
// prevent double submission which would invalidate the nonce
document.getElementById('submit').addEventListener('click', function(e){
if (window.__submitted) {
e.preventDefault();
} else {
window.__submitted = true;
}
});
</script>
</div>
<% end %>