src/http.lua

changeset 18
b5c4b245e24c
parent 16
68a0c983bf49
--- a/src/http.lua	Thu Jun 22 21:31:36 2023 +0100
+++ b/src/http.lua	Thu Jun 22 21:31:56 2023 +0100
@@ -17,12 +17,14 @@
 
 local csrf_token_len = #uuid.generate();
 
+-- Add a CSRF token to the view data and cookie (for verification on next request)
 local function check_csrf(event, viewdata)
 	local request, response = event.request, event.response;
 	web.unpack_cookies(request);
 	local csrf_token = request.cookies.csrf_token;
 	log("debug", "csrf_token=%s", tostring(csrf_token));
 	if csrf_token and #csrf_token == csrf_token_len then
+		-- We already have a CSRF token cookie
 		viewdata.csrf_token = csrf_token;
 	else
 		csrf_token = uuid.generate();
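Review bot: The branch annotated `-- We already have a CSRF token cookie` accepts any cookie value whose length equals `csrf_token_len`, so the comment overstates what has been established: the value is client-supplied and nothing visible here shows it was issued by this server. I would word it `-- Reuse the client-supplied cookie value; only its length has been checked` and, in the code that verifies the token and renders `viewdata.csrf_token` (not visible in this hunk), confirm the value is escaped on output and tied to the session or signed. The context line `log("debug", "csrf_token=%s", tostring(csrf_token));` also writes the token to the log; logging only whether the cookie was present, e.g. `log("debug", "csrf cookie present: %s", tostring(csrf_token ~= nil));`, keeps it out of log files. check_csrf's body continues past the end of the hunk.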
