Add CSRF tokens

todosrht/templates/edit_ticket.html

@@ -49,6 +49,7 @@
 <div class="container">
   <div class="row">
     <form class="col-md-6" method="POST">
+      {{csrf_token()}}
       <div class="form-group">
         <label for="title">Title</label>
         <input

todosrht/templates/ticket.html

@@ -60,6 +60,7 @@
                 owner=tracker.owner.canonical_name(),
                 name=tracker.name,
                 ticket_id=ticket.scoped_id)}}">
+              {{csrf_token()}}
             {% else %}
             <div>
             {% endif %}
@@ -147,7 +148,8 @@
                 name=tracker.name,
                 ticket_id=ticket.scoped_id,
               )
-            }}">
+          }}">
+            {{csrf_token()}}
             <select
               id="label_id"
               name="label_id"
@@ -231,7 +233,8 @@
             name=tracker.name,
             ticket_id=ticket.scoped_id
           )
-        }}">
+      }}">
+        {{csrf_token()}}
         <div class="form-group" style="margin-bottom: 0.25rem">
           <textarea
             class="form-control {{ valid.cls("comment") }}"

todosrht/templates/tracker-configure.html

@@ -60,6 +60,7 @@
   <div class="row">
     <div class="col-md-7">
       <form method="POST">
+        {{csrf_token()}}
         <div class="form-group {{valid.cls("tracker_name")}}">
           <label for="tracker_name">
             Name

todosrht/templates/tracker-create.html

@@ -12,6 +12,7 @@
     <div class="col-md-6">
       <h2>Create new tracker</h2>
       <form method="POST" action="/tracker/create">
+        {{csrf_token()}}
         <div class="form-group">
           <label for="tracker_name">Name</label>
           <input

todosrht/templates/tracker-labels.html

@@ -62,6 +62,7 @@
                     name=tracker.name,
                     label_id=label.id
                   )}}">
+                {{csrf_token()}}
                 <button type="submit" class="btn btn-danger btn-sm">
                   Delete {{ icon("times") }}
                 </button>
@@ -81,6 +82,7 @@
       <h3 style="margin-top: 1rem">Add label</h3>
 
       <form method="POST">
+        {{csrf_token()}}
         <div class="form-row">
           <div class="col-auto">
             <div class="form-group" style="width: 4rem">

todosrht/templates/tracker.html

@@ -58,6 +58,7 @@
               ("disable_notifications" if is_subscribed else "enable_notifications"),
               owner=tracker.owner.canonical_name(),
               name=tracker.name)}}">
+            {{csrf_token()}}
             <button class="nav-link active" type="submit">
               {{icon("envelope-o")}}
               {% if is_subscribed %}
@@ -84,6 +85,7 @@
             name=tracker.name
           )
         }}">
+        {{csrf_token()}}
         <div class="form-group">
           <label for="title">Title</label>
           <input
@@ -137,6 +139,7 @@
           placeholder="Search tickets...     status:closed     order:updated     submitter:me"
           class="form-control"
           value="{{ search if search else "" }}" />
+        {{csrf_token()}}
       </form>
       {% if len(tickets) %}
       <div class="ticket-list">