Home Explore Help
Sign In
LBP
/
miniflux_v2
mirror of https://github.com/miniflux/v2.git
4
0
Fork 0
Files Issues 0 Wiki
Browse Source

fix: clarify share flow in UI

Prior to this commit, to share an entry, a user has to click on the
share link and then copy the URL they are redirected to. The danger is
that they may right-click and copy the share link without actually
clicking on it, and therefore share a link that, when authenticated,
shares the entry, rather than actually sharing the entry.

Here, we avoid this misinterpretation by making sharing into a POST
request and using a form rather than a link.
Tali Auster 1 year ago
parent
6b70a7dc81
commit
2959a4d2bf
2 changed files with 7 additions and 6 deletions
Split View Show Diff Stats
  1. 6 5
      internal/template/templates/views/entry.html
  2. 1 1
      internal/ui/ui.go

+ 6 - 5
internal/template/templates/views/entry.html
View File 

@@ -67,11 +67,12 @@
 
                 </li>
 
                 {{ else }}
 
                 <li>
 
-                    <a href="{{ route "shareEntry" "entryID" .entry.ID }}"
 
-                        class="page-link"
 
-                        title="{{ t "entry.share.title" }}"
 
-                        data-share-status="share"
 
-                        target="_blank">{{ icon "share" }}<span class="icon-label">{{ t "entry.share.label" }}</span></a>
 
+                  <form method="post" action="{{route "shareEntry" "entryID" .entry.ID }}">
 
+                    <input type="hidden" name="csrf" value="{{ .csrf }}">
 
+                      <button type="submit" class="page-button">
 
+			{{ icon "share" }}<span class="icon-label">{{ t "entry.share.label" }}</span>
 
+		      </button>
 
+		  </form>
 
                 </li>
 
                 {{ end }}
 
                 <li>

+ 1 - 1
internal/ui/ui.go
View File 

@@ -108,7 +108,7 @@ func Serve(router *mux.Router, store *storage.Storage, pool *worker.Pool) {
 
 	uiRouter.HandleFunc("/entry/bookmark/{entryID}", handler.toggleBookmark).Name("toggleBookmark").Methods(http.MethodPost)
 
 
 	// Share pages.
 
-	uiRouter.HandleFunc("/entry/share/{entryID}", handler.createSharedEntry).Name("shareEntry").Methods(http.MethodGet)
 
+	uiRouter.HandleFunc("/entry/share/{entryID}", handler.createSharedEntry).Name("shareEntry").Methods(http.MethodPost)
 
 	uiRouter.HandleFunc("/entry/unshare/{entryID}", handler.unshareEntry).Name("unshareEntry").Methods(http.MethodPost)
 
 	uiRouter.HandleFunc("/share/{shareCode}", handler.sharedEntry).Name("sharedEntry").Methods(http.MethodGet)
 
 	uiRouter.HandleFunc("/shares", handler.sharedEntries).Name("sharedEntries").Methods(http.MethodGet)