Reply form, backporting and refactoring JS

buro9 / microcosm

Front end for Microcosm, a Go web server that serves the static files, templates and performs API calls.

GNU Affero General Public License v3.0

11 stars 3 forks source link

Reply form, backporting and refactoring JS #143

Closed pascalopitz closed 2 years ago

pascalopitz commented 2 years ago

Mostly ported the reply form
Backported JS changes we manually deployed to lfgss
Removed jquery from attachments.js, refactored it into using ES6 class
Added CSRF token mechanism
Added dummy POST endpoint to test CSRF, form submission

buro9 commented 2 years ago

Appears to work fine, got to the placeholder POST form.

The CSRF implementation is basically as I imagined, so this is good stuff :)

I did wonder what happens if a guest gets a cached page, and then tries to reply... but I think it's fine... we can let them fill it in, they'd be prompted to sign in (which doesn't implement CSRF so that the page is cacheable), and then the state would populate a now CSRF'd form. I'll verify this at a later point... but this looks great, and I will merge now.