use csrf tokens in all forms

2025-08-09 15:04:59 +02:00 · 2021-10-04 23:13:38 -04:00
parent 02bdaea76a
commit a5f801bb52
2 changed files with 14 additions and 1 deletions
--- a/helpdesk/views/staff.py
+++ b/helpdesk/views/staff.py
@ -1277,6 +1277,7 @@ raw_details = staff_member_required(raw_details)


@helpdesk_staff_member_required
+@requires_csrf_token
 def hold_ticket(request, ticket_id, unhold=False):
    ticket = get_object_or_404(Ticket, id=ticket_id)
    ticket_perm_check(request, ticket)
@ -1306,6 +1307,7 @@ hold_ticket = staff_member_required(hold_ticket)


@helpdesk_staff_member_required
+@requires_csrf_token
 def unhold_ticket(request, ticket_id):
    return hold_ticket(request, ticket_id, unhold=True)