diff --git a/CHANGELOG.md b/CHANGELOG.md
index 339d25f..b476385 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+# management 0.3.1, 2021-02-03
+
+* Allow forgery on the support request form
+* Fix minor typo in captcha description
+
# management 0.3.0, 2021-02-03
* Add minimal captcha module
diff --git a/lib/recycledcloud_web/router.ex b/lib/recycledcloud_web/router.ex
index 1e44550..254ea79 100644
--- a/lib/recycledcloud_web/router.ex
+++ b/lib/recycledcloud_web/router.ex
@@ -12,6 +12,14 @@ defmodule RecycledCloudWeb.Router do
plug :fetch_current_user
end
+ pipeline :browser_with_forgery do
+ plug :accepts, ["html"]
+ plug :fetch_session
+ plug :fetch_flash
+ plug :put_secure_browser_headers
+ plug :fetch_current_user
+ end
+
pipeline :api do
plug :accepts, ["json"]
end
@@ -24,6 +32,15 @@ defmodule RecycledCloudWeb.Router do
pipe_through :browser
get "/", PageController, :index
+ get "/support/new", SupportController, :new
+ end
+
+ scope "/", RecycledCloudWeb do
+ pipe_through :browser_with_forgery
+
+ # The static recycled.cloud website POST this endpoint, which basically is
+ # Cross-Site Request Forgery (hence browser_with_forgery pipeline).
+ post "/support/new", SupportController, :create
end
scope "/", RecycledCloudWeb do
@@ -45,9 +62,6 @@ defmodule RecycledCloudWeb.Router do
post "/users/reset_password", UserResetPasswordController, :create
get "/users/reset_password/:token", UserResetPasswordController, :edit
put "/users/reset_password/:token", UserResetPasswordController, :update
-
- get "/support/new", SupportController, :new
- post "/support/new", SupportController, :create
end
scope "/", RecycledCloudWeb do
diff --git a/lib/recycledcloud_web/templates/support/new.html.eex b/lib/recycledcloud_web/templates/support/new.html.eex
index 49a3d54..3e0a68c 100644
--- a/lib/recycledcloud_web/templates/support/new.html.eex
+++ b/lib/recycledcloud_web/templates/support/new.html.eex
@@ -23,8 +23,8 @@
- Can you answer the following expression to confirm you are not basic
- robot?
+ Can you answer the following expression to confirm you are
+ not a basic robot?
diff --git a/lib/recycledcloud_web/templates/user_registration/new.html.eex b/lib/recycledcloud_web/templates/user_registration/new.html.eex
index f92db18..4bdf5bb 100644
--- a/lib/recycledcloud_web/templates/user_registration/new.html.eex
+++ b/lib/recycledcloud_web/templates/user_registration/new.html.eex
@@ -23,7 +23,7 @@
- Can you answer the following expression to confirm you are not basic robot?
+ Can you answer the following expression to confirm you are not a basic robot?
diff --git a/mix.exs b/mix.exs
index cf9d494..6d56dc8 100644
--- a/mix.exs
+++ b/mix.exs
@@ -4,7 +4,7 @@ defmodule RecycledCloud.MixProject do
def project do
[
app: :recycledcloud,
- version: "0.3.0",
+ version: "0.3.1",
elixir: "~> 1.7",
elixirc_paths: elixirc_paths(Mix.env()),
compilers: [:phoenix, :gettext] ++ Mix.compilers(),