Bjoern Welker
e062a1e836
- Add Flask-WTF dependency for CSRF protection - Initialize CSRFProtect in app.py - Add CSRF tokens to all POST forms in templates - Exempt /order JSON API endpoint (uses API key instead) This protects against Cross-Site Request Forgery attacks on all admin and user management operations. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
26 lines
713 B
HTML
Executable File
26 lines
713 B
HTML
Executable File
{% extends "base.html" %}
|
|
{% block content %}
|
|
<div class="card form-card">
|
|
<h2>Login</h2>
|
|
{% if error %}
|
|
<div class="note">Benutzername oder Passwort ist falsch.</div>
|
|
{% endif %}
|
|
<form method="post">
|
|
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
|
|
<div class="form-grid">
|
|
<label>
|
|
Benutzer
|
|
<input type="text" name="user" required />
|
|
</label>
|
|
<label>
|
|
Passwort
|
|
<input type="password" name="password" required />
|
|
</label>
|
|
</div>
|
|
<div class="form-actions">
|
|
<button class="btn btn-accent" type="submit">Anmelden</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
{% endblock %}
|