Prevent csrf attacks on login
Change-Id: I9e6225f80136899e1ab90eac58d8206d2f7b1819
diff --git a/templates/layouts/main.html.ep b/templates/layouts/main.html.ep
index 83b637d..78ed722 100644
--- a/templates/layouts/main.html.ep
+++ b/templates/layouts/main.html.ep
@@ -33,6 +33,7 @@
<fieldset>
%= form_for 'login', class => 'login', begin
<legend><span><%= loc 'login' %></span></legend>
+ %= csrf_field
%= text_field 'handle_or_email', placeholder => loc('userormail')
<div>
%= password_field 'pwd', placeholder => loc('pwd')