From c1c50dc2fd82da6088cc1cb45e3e3bc9596d3466 Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Sun, 27 Jul 2014 10:46:22 -0700
Subject: [PATCH] remove auto-submit feature for now, csrf protection since
 ballot preparation and casting are meant to be loosely coupled.

---
 helios/templates/_castconfirm_docast.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/helios/templates/_castconfirm_docast.html b/helios/templates/_castconfirm_docast.html
index 05f0bef..fa6b3e7 100644
--- a/helios/templates/_castconfirm_docast.html
+++ b/helios/templates/_castconfirm_docast.html
@@ -28,7 +28,8 @@ You are logged in as <u>{{voter.display_html_big|safe}}</u><br /><br />
     You can start the voting process over again, of course.</span>
 </p>
 
-<script>$('#cast_confirm_form').submit()</script>
+<!-- for now, for CSRF protection, no auto-submit just yet (benadida) -->
+<!-- <script>$('#cast_confirm_form').submit()</script> -->
 
 </div>
   {% else %}
-- 
GitLab