Closed pascalopitz closed 2 years ago
Appears to work fine, got to the placeholder POST form.
The CSRF implementation is basically as I imagined, so this is good stuff :)
I did wonder what happens if a guest gets a cached page, and then tries to reply... but I think it's fine... we can let them fill it in, they'd be prompted to sign in (which doesn't implement CSRF so that the page is cacheable), and then the state would populate a now CSRF'd form. I'll verify this at a later point... but this looks great, and I will merge now.
attachments.js
, refactored it into using ES6 class