projects / project / luci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d0f15d9) | patch
luci-base: add support for POST-only actions with CSRF token check
authorJo-Philipp Wich <jow@openwrt.org>
Tue, 6 Oct 2015 13:53:35 +0000 (15:53 +0200)
committerJo-Philipp Wich <jow@openwrt.org>
Tue, 6 Oct 2015 13:56:35 +0000 (15:56 +0200)
commit5a6382171da2c941e17d050cd357629f40541cb6
tree4595ef7f28df1118185618e228eb7587e0c4affdtree | snapshot
parentd0f15d980469386fbdee3ace19de44f29397cc3bcommit | diff
luci-base: add support for POST-only actions with CSRF token check

Add the dispatcher infrastructure to restrict certain routes to POST
requests only in conjunction with verification of CSRF tokens.

This is the first step to get rid of the CSRF token in the url in favor
to tokens embedded in forms.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
modules/luci-base/luasrc/dispatcher.lua diff | blob | history
modules/luci-base/luasrc/view/csrftoken.htm [new file with mode: 0644] blob
Lua Configuration Interface (mirror)