Optimized login form - delegated CSRF token creation to thymeleaf
Also added additional test to verify behaviour. Fixes gh-1039
This commit is contained in:
@@ -20,14 +20,13 @@
|
||||
<p th:if="${param.logout}" class="alert">You have been logged out</p>
|
||||
<p th:if="${param.error}" class="alert alert-error">There was an error, please try again</p>
|
||||
<h2>Login with Username and Password</h2>
|
||||
<form name="form" action="/login" method="POST">
|
||||
<form name="form" th:action="@{/login}" action="/login" method="POST">
|
||||
<fieldset>
|
||||
<input type="text" name="username" value="" placeholder="Username" />
|
||||
<input type="password" name="password" placeholder="Password" />
|
||||
</fieldset>
|
||||
<input type="submit" id="login" value="Login"
|
||||
class="btn btn-primary" /> <input type="hidden"
|
||||
th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
|
||||
class="btn btn-primary" />
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user