Remove CSRF from admin/upload delete endpoints

This commit is contained in:
2025-07-05 12:07:58 -04:00
parent d1840f63e5
commit 161a61823f
2 changed files with 12 additions and 17 deletions
+3 -6
View File
@@ -144,7 +144,7 @@ let userList (model: WebLogUser list) app =
]
if app.UserId.Value <> user.Id then
span [ _class "text-muted" ] [ raw " &bull; " ]
a [ _href userUrl; _hxDelete userUrl; _class "text-danger"
a [ _href userUrl; _hxDelete userUrl; _hxPushUrl "false"; _class "text-danger"
_hxConfirm $"Are you sure you want to delete the user “{user.PreferredName}”? This action cannot be undone. (This action will not succeed if the user has authored any posts or pages.)" ] [
raw "Delete"
]
@@ -186,11 +186,8 @@ let userList (model: WebLogUser list) app =
div [ _class "container g-0" ] [
div [ _class "row mwl-table-detail"; _id "user_new" ] []
]
form [ _method "post"; _class "container g-0"; _hxTarget "#user_panel"
_hxSwap $"{HxSwap.OuterHtml} show:window:top" ] [
antiCsrf app
yield! List.map userDetail model
]
List.map userDetail model
|> div [ _class "container g-0"; _hxTarget "#user_panel"; _hxSwap $"{HxSwap.OuterHtml} show:window:top" ]
]
]
|> List.singleton