switch to runFormPostNoToken to work around strange yesod bug
I am not happy about disabling yesod's XSRF tokens, but the webapp has two guards of its own that should suffice: Listening only to localhost (normally) and requiring its own auth token on every single request (always).
This commit is contained in:
Joey Hess
parent
ce2f461ec7
commit
267f8b0bb5
11 changed files with 20 additions and 18 deletions
|
|
@ -67,7 +67,7 @@ postAddBoxComR :: Handler Html
|
|||
postAddBoxComR = boxConfigurator $ do
|
||||
defcreds <- liftAnnex $ previouslyUsedWebDAVCreds "box.com"
|
||||
((result, form), enctype) <- liftH $
|
||||
runFormPost $ renderBootstrap $ boxComAForm defcreds
|
||||
runFormPostNoToken $ renderBootstrap $ boxComAForm defcreds
|
||||
case result of
|
||||
FormSuccess input -> liftH $
|
||||
makeWebDavRemote initSpecialRemote "box.com" (toCredPair input) $ M.fromList
|
||||
|
|
@ -110,7 +110,7 @@ postEnableWebDAVR uuid = do
|
|||
maybe (pure Nothing) previouslyUsedWebDAVCreds $
|
||||
urlHost url
|
||||
((result, form), enctype) <- liftH $
|
||||
runFormPost $ renderBootstrap $ webDAVCredsAForm defcreds
|
||||
runFormPostNoToken $ renderBootstrap $ webDAVCredsAForm defcreds
|
||||
case result of
|
||||
FormSuccess input -> liftH $
|
||||
makeWebDavRemote enableSpecialRemote name (toCredPair input) M.empty
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue