No csrf for client side, yet

2025-08-30 15:51:14 +01:00 · 2025-08-30 15:51:14 +01:00 · de627c19c5
parent 595e57dcdd
commit de627c19c5
1 changed files with 1 additions and 1 deletions
--- a/client/saved_payment_methods.php
+++ b/client/saved_payment_methods.php
@ -108,7 +108,7 @@ if (!$stripe_public_key || !$stripe_secret_key) {
                            $exp_year = nullable_htmlentities($pm->card->exp_year);

                            echo "<li>$brand card ending in $last4, expires $exp_month/$exp_year";
-                            echo " – <a href='post.php?delete_saved_payment={$method['saved_payment_id']}&csrf_token={$_SESSION['csrf_token']}'>Remove</a></li>";
+                            echo " – <a href='post.php?delete_saved_payment={$method['saved_payment_id']}'>Remove</a></li>";
                        }
                    } catch (Exception $e) {
                        $error = $e->getMessage();