From b0f867fc9390563df99dbb166f1ebe731fe2b873 Mon Sep 17 00:00:00 2001
From: Francisco Ruiz <quiesagua@gmail.com>
Date: Wed, 19 Jun 2013 16:12:45 +0200
Subject: [PATCH] Added CSRF crumb to actions requiring confirmation only when
 POST method is used.

---
 core/src/main/resources/lib/layout/confirmationLink.jelly | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/src/main/resources/lib/layout/confirmationLink.jelly b/core/src/main/resources/lib/layout/confirmationLink.jelly
index f03a944145..2504e20b0c 100644
--- a/core/src/main/resources/lib/layout/confirmationLink.jelly
+++ b/core/src/main/resources/lib/layout/confirmationLink.jelly
@@ -45,7 +45,9 @@ THE SOFTWARE.
                 var form = document.createElement('form');
                 form.setAttribute('method', post ? 'POST' : 'GET');
                 form.setAttribute('action', href);
-                crumb.appendToForm(form);
+                if (post) {
+                    crumb.appendToForm(form);
+                }
                 document.body.appendChild(form);
                 form.submit();
             }
-- 
GitLab