From 5d886f3d06373d2c3292911bac0772bcd5102343 Mon Sep 17 00:00:00 2001
From: Antoine Nguyen
Date: Mon, 27 Feb 2023 11:29:51 +0100
Subject: [PATCH] Fixed CSRF issues in edit operations.
---
 modoboa/admin/views/domain.py | 1 +
 modoboa/admin/views/identity.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/modoboa/admin/views/domain.py b/modoboa/admin/views/domain.py
index 3eb0c53c0..f1341b770 100644
--- a/modoboa/admin/views/domain.py
+++ b/modoboa/admin/views/domain.py
@@ -214,6 +214,7 @@ def newdomain(request):
 @login_required
 @permission_required("admin.view_domain")
+@require_http_methods(["POST"])
 @reversion.create_revision()
 def editdomain(request, dom_id):
 """Edit domain view."""
diff --git a/modoboa/admin/views/identity.py b/modoboa/admin/views/identity.py
index 8140d93ad..b007a6844 100644
--- a/modoboa/admin/views/identity.py
+++ b/modoboa/admin/views/identity.py
@@ -167,6 +167,7 @@ def newaccount(request):
 @login_required
 @permission_required("core.change_user")
+@require_http_methods(["POST"])
 @reversion.create_revision()
 def editaccount(request, pk):
 account = User.objects.get(pk=pk)
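Review bot: The `@require_http_methods(["POST"])` added to editdomain sits beneath `@permission_required("admin.view_domain")`, so an endpoint that now accepts only POST is still gated by a view permission. The body continues outside the hunk, so confirm it checks a change right on the domain; if it does not, the decorator should require the change permission instead. The restriction itself helps against CSRF only because Django's CSRF middleware validates the token on POST and skips GET, which assumes the middleware is enabled and the view is not exempted; a comment above the decorator such as `# POST only: GET requests are not covered by CSRF token validation` would record that, here and on editaccount in identity.py. No import is added by the patch, so `require_http_methods` is presumably already in scope in both files.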
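Review bot: `account = User.objects.get(pk=pk)` in editaccount raises `User.DoesNotExist` for an unknown pk, which will most likely surface as a 500 rather than a 404 for a caller-supplied id; `account = get_object_or_404(User, pk=pk)` is the usual form, provided `get_object_or_404` is imported in this file. The rest of the body is outside the hunk, so whether the caller's right to edit this particular account is checked after the lookup cannot be seen here and should be confirmed. A regression test asserting that GET on both edit URLs returns 405 would keep the method restriction from being dropped later.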