completion of CSRF token for signup form

4 months ago · e6f6b37872
2 changed files with 2 additions and 1 deletions
--- a/app/controllers/welcome.js
+++ b/app/controllers/welcome.js
@ -69,7 +69,7 @@ class WelcomeController extends SiteController {
      csrfToken: csrfTokenService,
      logan: loganService,
    } = this.dtp.services;
-    req.csrfToken = await csrfTokenService.create(req, {
+    res.locals.csrfToken = await csrfTokenService.create(req, {
      name: 'user-create',
      expiresMinutes: 20,
    });
--- a/app/views/welcome/signup.pug
+++ b/app/views/welcome/signup.pug
@ -4,6 +4,7 @@ block content
  section.uk-section.uk-section-default.uk-section-xsmall
    .uk-container.uk-container-small
      form(method="POST", action="/user").uk-form
+        input(type="hidden", name= csrfToken.name, value= csrfToken.token)
        .uk-card.uk-card-default.uk-card-small.uk-width-xlarge.uk-margin-auto.uk-border-rounded
          .uk-card-header
            h1.uk-card-title Create New Account