[#5359] only add _session_id field to POST forms; GET doesn't need it

commit: f15c4577ab12d2dd0b261051501302f658aa6e08 [log] [tgz]
author: Dave Brondsema <dbrondsema@geek.net> Wed Nov 28 19:43:55 2012 +0000
committer: Dave Brondsema <dbrondsema@geek.net> Wed Nov 28 19:43:55 2012 +0000
tree: 13a1c7263b0ccf12749667489d683ef4528f7bd8
parent: 7eb795608877f0b358aa5234b08dcaccabdee0f8 [diff]
diff --git a/Allura/allura/public/nf/js/allura-base.js b/Allura/allura/public/nf/js/allura-base.js
index cf944c0..ef60650 100644
--- a/Allura/allura/public/nf/js/allura-base.js
+++ b/Allura/allura/public/nf/js/allura-base.js

@@ -188,5 +188,5 @@
 
     // Provide CSRF protection
     var cval = $.cookie('_session_id');
-    $('form').append('<input name="_session_id" type="hidden" value="'+cval+'">');
+    $('form[method=post]').append('<input name="_session_id" type="hidden" value="'+cval+'">');
 });
commit	f15c4577ab12d2dd0b261051501302f658aa6e08	[log] [tgz]
author	Dave Brondsema <dbrondsema@geek.net>	Wed Nov 28 19:43:55 2012 +0000
committer	Dave Brondsema <dbrondsema@geek.net>	Wed Nov 28 19:43:55 2012 +0000
tree	13a1c7263b0ccf12749667489d683ef4528f7bd8
parent	7eb795608877f0b358aa5234b08dcaccabdee0f8 [diff]