Fix CSP violation on login page by moving inline script to external file

author: Adam Mathes <adam@adammathes.com> 2026-02-16 19:01:17 -0800
committer: Adam Mathes <adam@adammathes.com> 2026-02-16 19:01:17 -0800
commit: e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28 (patch)
tree: 0bbf318cc1121637e3bc92b353c507bc5276fecd /web/static/login_script.js
parent: 9d1f2f094a291b8dc5ca8dc006a4f6169d6b873c (diff)
download: neko-e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28.tar.gz
neko-e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28.tar.bz2
neko-e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/web/static/login_script.js b/web/static/login_script.js
new file mode 100644
index 0000000..75d29f4
--- /dev/null
+++ b/web/static/login_script.js
@@ -0,0 +1,8 @@
+window.addEventListener('DOMContentLoaded', function () {
+    var match = document.cookie.split('; ').find(function (row) { return row.startsWith('csrf_token='); });
+    if (match) {
+        var token = match.split('=')[1];
+        var input = document.getElementById('csrf_token');
+        if (input) input.value = token;
+    }
+});
author	Adam Mathes <adam@adammathes.com>	2026-02-16 19:01:17 -0800
committer	Adam Mathes <adam@adammathes.com>	2026-02-16 19:01:17 -0800
commit	e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28 (patch)
tree	0bbf318cc1121637e3bc92b353c507bc5276fecd /web/static/login_script.js
parent	9d1f2f094a291b8dc5ca8dc006a4f6169d6b873c (diff)
download	neko-e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28.tar.gz neko-e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28.tar.bz2 neko-e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28.zip