From 301879427e29f7f674c0fb2daaa3977fbd747c0d Mon Sep 17 00:00:00 2001
From: Paul DeKraker
Date: Sat, 3 Dec 2022 23:14:25 -0500
Subject: [PATCH 1/2] Add CSRF protection to new source form
---
 ckanext/harvest/templates/source/new_source_form.html | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ckanext/harvest/templates/source/new_source_form.html b/ckanext/harvest/templates/source/new_source_form.html
index 8a9df5169..9e993298c 100644
--- a/ckanext/harvest/templates/source/new_source_form.html
+++ b/ckanext/harvest/templates/source/new_source_form.html
@@ -14,6 +14,8 @@
 {% endcall %}
+ {{ h.csrf_input() }}
+
 {{ form.input('title', id='field-title', label=_('Title'), placeholder=_('eg. A descriptive title'), value=data.title, error=errors.title, classes=['control-full'], attrs={'data-module': 'slug-preview-target'}) }}
 {% set prefix = 'harvest' %}
From 63e55cdeb23e0abf496ebb8c7c1c23bcbf57775a Mon Sep 17 00:00:00 2001
From: P DeKraker <47568003+pdekraker-epa@users.noreply.github.com>
Date: Wed, 7 Dec 2022 07:37:26 -0500
Subject: [PATCH 2/2] Apply only to versions with CSRF
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: AdriĆ  Mercader
---
 ckanext/harvest/templates/source/new_source_form.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ckanext/harvest/templates/source/new_source_form.html b/ckanext/harvest/templates/source/new_source_form.html
index 9e993298c..015371655 100644
--- a/ckanext/harvest/templates/source/new_source_form.html
+++ b/ckanext/harvest/templates/source/new_source_form.html
@@ -14,7 +14,7 @@
 {% endcall %}
- {{ h.csrf_input() }}
+{{ h.csrf_input() if 'csrf_input' in h }}
 {{ form.input('title', id='field-title', label=_('Title'), placeholder=_('eg. A descriptive title'), value=data.title, error=errors.title, classes=['control-full'], attrs={'data-module': 'slug-preview-target'}) }}
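Review bot: The guarded call in PATCH 2/2, `{{ h.csrf_input() if 'csrf_input' in h }}`, renders no token at all when the helper is missing, and nothing in the template tells a maintainer that this fallback is deliberate. I would put a template comment directly above it, for example `{# csrf_input exists only on CKAN versions that ship CSRF protection; on older versions the form is rendered without a token #}`. The replacement line also appears to lose the indentation the removed line had, although whitespace on this page is collapsed, so check it against the file. The enclosing `<form>` element opens and closes outside the hunk, so confirm the token still sits inside it. Only `new_source_form.html` is touched by this series; it is worth checking whether the extension renders other POST forms that need the same guarded helper call.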