Add csrf token to forms in alert profiles

python/nav/web/templates/alertprofiles/account_detail.html

@@ -50,6 +50,7 @@ <h5>Alerts you have permissions to recieve</h5>
       <div class="column medium-4">
         <h5>Alert language</h5>
         <form action="{% url 'alertprofiles-language-save' %}" method="post" class="inline-form custom">
+          {% csrf_token %}
           {{ language_form.language }}
           <input type="submit" value="Save changes" class="button tiny"/>
         </form>
@@ -65,4 +66,3 @@ <h5>Alert language</h5>
   </div>
 
 {% endblock %}
-

python/nav/web/templates/alertprofiles/base_detail.html

@@ -39,6 +39,7 @@ <h5>
           {% endblock %}
         </h5>
         <form action="{% block url_remove_expression %}{% endblock %}" method="post">
+            {% csrf_token %}
             <table class="listtable">
                 <thead>
                     <tr>
@@ -67,6 +68,7 @@ <h5>
 
     <div class="addexpressionform">
         <form action="{% block url_add_expression %}{% endblock %}" method="post">
+        {% csrf_token %}
         {% block addexpression %}
             <p>
                 <input type="hidden" name="id" value="{{ detail_id }}" />

python/nav/web/templates/alertprofiles/base_list.html

@@ -6,6 +6,7 @@
 {% endblock %}
 
 <form action="{{ form_action }}" method="post">
+  {% csrf_token %}
 
   <h4>{% block captioncontent %}{% endblock %}</h4>
 

python/nav/web/templates/alertprofiles/expression_form.html

@@ -6,6 +6,7 @@ <h4>
   </h4>
 
   <form action="{% url 'alertprofiles-filters-saveexpression' %}" method="post" class="custom">
+    {% csrf_token %}
     <table class="vertitable">
       <tbody>
         <tr>

python/nav/web/templates/alertprofiles/permissions.html

@@ -53,6 +53,7 @@ <h4>Choose a group to set it's permissions</h4>
 
   {% if selected_group %}
     <form action="{% url 'alertprofiles-permissions-save' %}" method="post">
+      {% csrf_token %}
       <table class="listtable full-width">
         <caption>Set permissions for {{ selected_group.name }}</caption>
 

python/nav/web/templates/alertprofiles/profile.html

@@ -7,6 +7,7 @@ <h4>Profiles</h4>
 
 
   <form action="{% url 'alertprofiles-profile-remove' %}" method="post">
+    {% csrf_token %}
     <table class="listtable">
       <thead>
       <tr>

python/nav/web/templates/alertprofiles/profile_detail.html

@@ -10,7 +10,7 @@
 
 {% block headercontent %}
     {% if detail_id %}
-       Profile details 
+       Profile details
     {% else %}
         New profile
     {% endif %}
@@ -40,6 +40,7 @@
     <h4>Time periods</h4>
 
 <form action="{% url 'alertprofiles-profile-timeperiod-remove' %}" method="post">
+    {% csrf_token %}
     {% include "alertprofiles/timeperiods.html" %}
     <p>
         <input type="hidden" name="profile" value="{{ detail_id }}" />

python/nav/web/templates/alertprofiles/subscription_form.html

@@ -23,6 +23,7 @@ <h4>
 {% if subscriptions %}
 
 <form action="{% url 'alertprofiles-profile-timeperiod-subscription-remove' %}" method="post">
+    {% csrf_token %}
     <table class="listtable full-width">
         <thead>
             <tr>
@@ -67,6 +68,7 @@ <h4>
 
 <div class="addexpressionform">
     <form action="{% url 'alertprofiles-profile-timeperiod-subscription-add' %}" method="post">
+        {% csrf_token %}
         <h5>{{ editing|yesno:"Edit,Add new" }} subscription</h5>
         <div class="formcontainer">