From fe259aba572e08df22557251ca9279f512f6862c Mon Sep 17 00:00:00 2001
From: Simon Bennetts <psiinon@gmail.com>
Date: Wed, 4 Apr 2018 18:21:33 +0100
Subject: Bug 1446431 - Allow Baseline scan to ignore forms that dont need CSRF
 Tokens

The data-no-csrf attribute is used to signify that a form is 'safe' (ie
doesn't actually make any permanent changes) and so doesn't need an
anti-csrf token.
---
 template/en/default/index.html.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'template/en/default/index.html.tmpl')

diff --git a/template/en/default/index.html.tmpl b/template/en/default/index.html.tmpl
index 3c42ce71e..97659e6a8 100644
--- a/template/en/default/index.html.tmpl
+++ b/template/en/default/index.html.tmpl
@@ -53,7 +53,7 @@
              href="?GoAheadAndLogIn=1"><span>Log In</span></a>
            [% END %]
 
-        <form id="quicksearchForm" name="quicksearchForm" action="buglist.cgi">
+        <form id="quicksearchForm" name="quicksearchForm" action="buglist.cgi" data-no-csrf>
           <div>
             <input id="quicksearch_main" type="text" name="quicksearch" autofocus
               placeholder="Enter [% terms.abug %] number or some search terms"
-- 
cgit v1.2.3-24-g4f1b