Add CSRF input to Account Delete form.

2014-02-07 23:41:15 -05:00
parent db50b485da
commit 1143ac4320
1 changed files with 2 additions and 1 deletions
--- a/views/account/profile.jade
+++ b/views/account/profile.jade
@ -68,6 +68,7 @@ block content

  p You can delete your account, but keep in mind this action is irreversible.
  form(action='/account/delete', method='POST')
+    input(type='hidden', name='_csrf', value=token)
    button.btn.btn-danger(type='submit')
      i.fa.fa-trash-o
      | Delete my account