Add CSRF tokens to login and choose-username forms

Both forms were missing the hidden csrf_token input, causing 400 Bad Request on POST. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 15:43:01 +00:00
parent 41e9670975
commit 0bb057d65b
2 changed files with 2 additions and 0 deletions
--- a/templates/auth/login.html
+++ b/templates/auth/login.html
@@ -11,6 +11,7 @@
  {% endif %}

  <form method="post" action="{{ url_for('auth.start_login') }}" class="space-y-4">
+    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
    <div>
      <label for="email" class="block text-sm font-medium mb-1">Email address</label>
      <input
--- a/templates/federation/choose_username.html
+++ b/templates/federation/choose_username.html
@@ -15,6 +15,7 @@
  {% endif %}

  <form method="post" class="space-y-4">
+    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
    <div>
      <label for="username" class="block text-sm font-medium mb-1">Username</label>
      <div class="flex items-center">