Add csrf_token to deactivate.html POST; #664

This actually uncovered a bug in Aspen where empty POST bodies cause an exception in the request parser. We needed the csrf_token anyway, of course, but really we're masking an underlying bug (to work around it we would have needed *some* field, anyway).
gratipay · Mar 8, 2013 · cb1ef0e · cb1ef0e
1 parent f2ed7ef
commit cb1ef0e
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/www/%participant_id/deactivate.html b/www/%participant_id/deactivate.html
@@ -41,7 +41,10 @@ <h2 class="top"><span>Deactivate</span></h2>
 
             </div>
             <div class="nav level-1">
-                <button class="selected larger">Deactivate</button>
+                <input type="hidden" name="csrf_token"
+                    value="{{ csrf_token }}" />
+                <button class="selected larger"
+                    type="submit">Deactivate</button>
             </div>
         </form>
     </div>