http-verbs-get-to-post-csrf
modified: .gitignore
modified: development.ini
modified: make_post_sell/static/css/common.css
modified: make_post_sell/templates/cart.j2
modified: make_post_sell/templates/cart_checkout.j2
modified: make_post_sell/templates/product.j2
modified: make_post_sell/templates/snippets/csrf.j2
modified: make_post_sell/views/cart.py
Summary by CodeRabbit
- New Features
  - All cart and checkout actions now use secure POST forms with CSRF protection, enhancing security for adding, removing, and updating products in the cart.
- Bug Fixes
  - Improved transactional integrity during checkout to ensure that database changes only occur after successful payment.
- Style
  - Unified button styles for both anchor and button elements, ensuring consistent appearance across cart and product actions.
- Chores
  - Updated session cookie settings for improved security and domain handling.
  - Excluded the data directory from version control.
Edited by CodeRabbit