Force DELETE method for remove permission view.
Avoids CSRF issue.
tonioo committed Jan 23, 2023
1 parent 8313dba commit 38d778c
Showing 2 changed files with 12 additions and 1 deletion.
12 changes: 11 additions & 1 deletion modoboa/admin/templates/admin/domain_detail.html
Expand Up @@ -125,7 +125,7 @@ <h3 class="panel-title">
{% trans "Show key" %}
</button>
<button data-toggle="modal" class="btn btn-default btn-xs" data-target="#dkim_regenerate_dialog"><span class="fa fa-refresh"></span></button>

<div class="modal fade" id="dkim_regenerate_dialog" tabindex="-1" role="dialog" aria-labelledby="dkim_regenerate_dialog" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
Expand Down Expand Up @@ -206,6 +206,16 @@ <h5 class="modal-title" id="dkim_regenerate_dialog">{% trans "Warning" %}</h5>
window.location.reload();
});
});
$('a[name="removeperm"]').click(function (evt) {
evt.preventDefault();
var $this = $(this);
$.ajax({
url: $this.attr('href'),
method: 'DELETE'
}).done(function () {
window.location.reload();
});
});
});
function copy(id) {
navigator.clipboard.writeText(document.getElementById(id).textContent);
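Review bot: the $.ajax call in the new a[name="removeperm"] handler passes only url and method, so nothing in this hunk attaches a CSRF token or handles a rejected request. Django's CSRF middleware checks the token on DELETE, so confirm that a page-wide setup (for example $.ajaxSetup adding an X-CSRFToken header) covers this call, and add a .fail() callback so a 403 or 405 is shown to the user instead of being silently dropped. The link's href still carries the action URL, so if this script fails to bind, a plain click issues a GET that the view now refuses; moving the URL to a data attribute would make that failure mode explicit.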
1 change: 1 addition & 0 deletions modoboa/admin/views/identity.py
Expand Up @@ -196,6 +196,7 @@ def delaccount(request, pk):

@login_required
@permission_required("admin.add_domain")
@require_http_methods(["DELETE"])
def remove_permission(request):
domid = request.GET.get("domid", None)
daid = request.GET.get("daid", None)
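Review bot: @require_http_methods(["DELETE"]) on remove_permission only rejects other verbs with a 405; it does not validate a CSRF token itself, so the fix depends on the CSRF middleware being active for this view and the view not being exempted. A short comment above the decorator saying why GET is refused would help the next reader, and since the commit touches only the template and this view, a regression test asserting that GET and POST return 405 would keep the restriction from being dropped later. domid and daid are still read from request.GET, which works for a DELETE carrying a query string but is worth a docstring line.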