From e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28 Mon Sep 17 00:00:00 2001
From: Adam Mathes <adam@adammathes.com>
Date: Mon, 16 Feb 2026 19:01:17 -0800
Subject: Fix CSP violation on login page by moving inline script to external
 file

---
 web/static/login_script.js | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 web/static/login_script.js

(limited to 'web/static/login_script.js')

diff --git a/web/static/login_script.js b/web/static/login_script.js
new file mode 100644
index 0000000..75d29f4
--- /dev/null
+++ b/web/static/login_script.js
@@ -0,0 +1,8 @@
+window.addEventListener('DOMContentLoaded', function () {
+    var match = document.cookie.split('; ').find(function (row) { return row.startsWith('csrf_token='); });
+    if (match) {
+        var token = match.split('=')[1];
+        var input = document.getElementById('csrf_token');
+        if (input) input.value = token;
+    }
+});
-- 
cgit v1.2.3