diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyBootstrap4/Scripts/Checkout.js b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyBootstrap4/Scripts/Checkout.js index 13627463d..c39d769cf 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyBootstrap4/Scripts/Checkout.js +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyBootstrap4/Scripts/Checkout.js @@ -38,11 +38,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show().removeClass("d-none"); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'col-12 alert alert-success').slideDown(); @@ -55,8 +62,8 @@ else { $('#loginmessage').attr('class', 'alert alert-danger').slideUp(); } - }, - "json"); + } + }); } function LoginAjax() { diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyBootstrap4/Views/Checkout/_Login.cshtml b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyBootstrap4/Views/Checkout/_Login.cshtml index c1779f7a9..026434e2e 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyBootstrap4/Views/Checkout/_Login.cshtml +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyBootstrap4/Views/Checkout/_Login.cshtml @@ -93,7 +93,11 @@
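Review bot: The new `$.ajax` call in IsEmailKnown has no `error` callback and never checks that `token` was actually found, so once the server validates the token (the `[ValidateAntiForgeryToken]` added in CheckoutController.cs) a missing or expired token makes the lookup fail with no feedback to the shopper. The token is only searched for inside `#__AjaxAntiForgeryForm`; on a page whose _Login.cshtml lacks that form, `.val()` returns `undefined` and the post goes out without a usable token. I would add a handler such as `error: function (xhr) { $('#loginmessage').slideUp(); console.warn('IsEmailKnown failed', xhr.status); }` and select the input by name alone, `var token = $('input[name="__RequestVerificationToken"]').first().val();`. The same hunk is repeated in every other Checkout.js copy in this diff; the middle of the function lies between the two hunks and is not shown.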
- @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new {@class = "form-control"}) + @using (Html.BeginForm(null, null, FormMethod.Post, new { id = "__AjaxAntiForgeryForm" })) + { + @Html.AntiForgeryToken() + @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new { @class = "form-control" }) + }
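Review bot: Wrapping the `customeremail` box in its own `<form id="__AjaxAntiForgeryForm">` is more than the AJAX call needs and can backfire, because only the hidden token has to be on the page. If this partial ends up inside another `<form>` of the host page (the surrounding markup is not visible in this hunk), the HTML parser drops the nested form tag, `#__AjaxAntiForgeryForm` never exists, and the scoped lookup in Checkout.js yields no token. Where the form does survive, it holds a single text input and no submit button, so pressing Enter in the e-mail box posts it to the current URL. Rendering just `@Html.AntiForgeryToken()` next to the unchanged `@Html.TextBox(...)` line, and having the script pick the input up by name, avoids both cases. The same change appears in the other _Login.cshtml files of this diff, some of which show no hunk body on this page.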
diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyLegacy/Scripts/Checkout.js b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyLegacy/Scripts/Checkout.js index 7e5ca7fcc..0937013e7 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyLegacy/Scripts/Checkout.js +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyLegacy/Scripts/Checkout.js @@ -32,11 +32,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show(); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'dnnFormMessage dnnFormSuccess').slideDown(); @@ -49,8 +56,8 @@ else { $('#loginmessage').attr('class', 'dnnFormMessage dnnFormError').slideUp(); } - }, - "json"); + } + }); } function LoginAjax() { diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyLegacy/Views/Checkout/_Login.cshtml b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyLegacy/Views/Checkout/_Login.cshtml index 2259d46da..fef1f5fa7 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyLegacy/Views/Checkout/_Login.cshtml +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyLegacy/Views/Checkout/_Login.cshtml @@ -67,7 +67,11 @@ diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyViewSet/Scripts/Checkout.js b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyViewSet/Scripts/Checkout.js index 4ff5d2d33..28411f2a6 100644 
--- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyViewSet/Scripts/Checkout.js +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyViewSet/Scripts/Checkout.js @@ -38,11 +38,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show(); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'dnnFormMessage dnnFormSuccess').slideDown(); @@ -55,8 +62,8 @@ else { $('#loginmessage').attr('class', 'dnnFormMessage dnnFormError').slideUp(); } - }, - "json"); + } + }); } function LoginAjax() { diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyViewSet/Views/Checkout/_Login.cshtml b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyViewSet/Views/Checkout/_Login.cshtml index ad0797025..2084c2591 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyViewSet/Views/Checkout/_Login.cshtml +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/MyViewSet/Views/Checkout/_Login.cshtml @@ -81,7 +81,11 @@
- @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new {@class = "form-control"}) + @using (Html.BeginForm(null, null, FormMethod.Post, new { id = "__AjaxAntiForgeryForm" })) + { + @Html.AntiForgeryToken() + @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new {@class = "form-control"}) + }
\ No newline at end of file diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Porto5/Scripts/Checkout.js b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Porto5/Scripts/Checkout.js index 13627463d..c39d769cf 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Porto5/Scripts/Checkout.js +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Porto5/Scripts/Checkout.js @@ -38,11 +38,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show().removeClass("d-none"); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'col-12 alert alert-success').slideDown(); @@ -55,8 +62,8 @@ else { $('#loginmessage').attr('class', 'alert alert-danger').slideUp(); } - }, - "json"); + } + }); } function LoginAjax() { diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Porto5/Views/Checkout/_Login.cshtml b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Porto5/Views/Checkout/_Login.cshtml index cd87c04de..cc1e139ba 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Porto5/Views/Checkout/_Login.cshtml +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Porto5/Views/Checkout/_Login.cshtml @@ -100,7 +100,11 @@
- @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new {@class = "form-control"}) + @using (Html.BeginForm(null, null, FormMethod.Post, new { id = "__AjaxAntiForgeryForm" })) + { + @Html.AntiForgeryToken() + @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new { @class = "form-control" }) + }
diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Scripts/Checkout.js b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Scripts/Checkout.js index 7e5ca7fcc..0937013e7 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Scripts/Checkout.js +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Scripts/Checkout.js @@ -32,11 +32,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show(); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'dnnFormMessage dnnFormSuccess').slideDown(); @@ -49,8 +56,8 @@ else { $('#loginmessage').attr('class', 'dnnFormMessage dnnFormError').slideUp(); } - }, - "json"); + } + }); } function LoginAjax() { diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/SocialSpokes/Scripts/Checkout.js b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/SocialSpokes/Scripts/Checkout.js index 7e5ca7fcc..0937013e7 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/SocialSpokes/Scripts/Checkout.js +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/SocialSpokes/Scripts/Checkout.js 
@@ -32,11 +32,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show(); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'dnnFormMessage dnnFormSuccess').slideDown(); @@ -49,8 +56,8 @@ else { $('#loginmessage').attr('class', 'dnnFormMessage dnnFormError').slideUp(); } - }, - "json"); + } + }); } function LoginAjax() { diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/SocialSpokes/Views/Checkout/_Login.cshtml b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/SocialSpokes/Views/Checkout/_Login.cshtml index 2259d46da..fef1f5fa7 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/SocialSpokes/Views/Checkout/_Login.cshtml +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/SocialSpokes/Views/Checkout/_Login.cshtml @@ -67,7 +67,11 @@ diff --git a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Views/Checkout/_Login.cshtml b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Views/Checkout/_Login.cshtml index 2259d46da..2aec35de9 100644 --- a/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Views/Checkout/_Login.cshtml +++ b/DevSamples/MyViewSet/Portals/_default/HotcakesViews/Views/Checkout/_Login.cshtml @@ -68,6 +68,10 @@ diff --git a/Website/DesktopModules/Hotcakes/Core/Controllers/CheckoutController.cs b/Website/DesktopModules/Hotcakes/Core/Controllers/CheckoutController.cs index fbde65903..35b3f2ebd 100644 
--- a/Website/DesktopModules/Hotcakes/Core/Controllers/CheckoutController.cs +++ b/Website/DesktopModules/Hotcakes/Core/Controllers/CheckoutController.cs @@ -280,6 +280,7 @@ public ActionResult CleanCreditCard() } [HccHttpPost] + [ValidateAntiForgeryToken] public ActionResult IsEmailKnown() { var result = new IsEmailKnownJsonModel(); diff --git a/Website/Portals/_default/HotcakesViews/Bootstrap4/Scripts/Checkout.js b/Website/Portals/_default/HotcakesViews/Bootstrap4/Scripts/Checkout.js index 13627463d..c39d769cf 100644 --- a/Website/Portals/_default/HotcakesViews/Bootstrap4/Scripts/Checkout.js +++ b/Website/Portals/_default/HotcakesViews/Bootstrap4/Scripts/Checkout.js @@ -38,11 +38,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show().removeClass("d-none"); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'col-12 alert alert-success').slideDown(); @@ -55,8 +62,8 @@ else { $('#loginmessage').attr('class', 'alert alert-danger').slideUp(); } - }, - "json"); + } + }); } function LoginAjax() { diff --git a/Website/Portals/_default/HotcakesViews/Bootstrap4/Views/Checkout/_Login.cshtml b/Website/Portals/_default/HotcakesViews/Bootstrap4/Views/Checkout/_Login.cshtml index c1779f7a9..026434e2e 100644 --- a/Website/Portals/_default/HotcakesViews/Bootstrap4/Views/Checkout/_Login.cshtml +++ b/Website/Portals/_default/HotcakesViews/Bootstrap4/Views/Checkout/_Login.cshtml @@ -93,7 +93,11 @@
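Review bot: `[ValidateAntiForgeryToken]` on IsEmailKnown makes the token field posted by Checkout.js and the `@Html.AntiForgeryToken()` call in _Login.cshtml a hard requirement, and nothing at the action says so. A viewset that was not updated together with this commit would have this request rejected, so I would put a comment above the attribute, for example `// Requires __RequestVerificationToken in the post body; every viewset's _Login.cshtml and Checkout.js must supply it.` The check stops cross-site forged posts but does not by itself limit how often a client holding a valid page token can ask whether an address is registered; if curbing account enumeration is part of the goal, throttling would still be needed. The action body continues outside the hunk, so whether it already does that cannot be told from here.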
- @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new {@class = "form-control"}) + @using (Html.BeginForm(null, null, FormMethod.Post, new { id = "__AjaxAntiForgeryForm" })) + { + @Html.AntiForgeryToken() + @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new { @class = "form-control" }) + }
diff --git a/Website/Portals/_default/HotcakesViews/Porto5/Scripts/Checkout.js b/Website/Portals/_default/HotcakesViews/Porto5/Scripts/Checkout.js index 13627463d..c39d769cf 100644 --- a/Website/Portals/_default/HotcakesViews/Porto5/Scripts/Checkout.js +++ b/Website/Portals/_default/HotcakesViews/Porto5/Scripts/Checkout.js @@ -38,11 +38,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show().removeClass("d-none"); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'col-12 alert alert-success').slideDown(); @@ -55,8 +62,8 @@ else { $('#loginmessage').attr('class', 'alert alert-danger').slideUp(); } - }, - "json"); + } + }); } function LoginAjax() { diff --git a/Website/Portals/_default/HotcakesViews/Porto5/Views/Checkout/_Login.cshtml b/Website/Portals/_default/HotcakesViews/Porto5/Views/Checkout/_Login.cshtml index cd87c04de..7bba15655 100644 --- a/Website/Portals/_default/HotcakesViews/Porto5/Views/Checkout/_Login.cshtml +++ b/Website/Portals/_default/HotcakesViews/Porto5/Views/Checkout/_Login.cshtml @@ -100,7 +100,11 @@
- @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new {@class = "form-control"}) + @using (Html.BeginForm(null, null, FormMethod.Post, new { id = "__AjaxAntiForgeryForm" })) + { + @Html.AntiForgeryToken() + @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new { @class = "form-control" }) + }
diff --git a/Website/Portals/_default/HotcakesViews/SocialSpokes/Scripts/Checkout.js b/Website/Portals/_default/HotcakesViews/SocialSpokes/Scripts/Checkout.js index 7e5ca7fcc..b95841134 100644 --- a/Website/Portals/_default/HotcakesViews/SocialSpokes/Scripts/Checkout.js +++ b/Website/Portals/_default/HotcakesViews/SocialSpokes/Scripts/Checkout.js @@ -32,11 +32,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show(); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'dnnFormMessage dnnFormSuccess').slideDown(); @@ -48,9 +55,9 @@ } else { $('#loginmessage').attr('class', 'dnnFormMessage dnnFormError').slideUp(); - } - }, - "json"); + } + } + }); } function LoginAjax() { diff --git a/Website/Portals/_default/HotcakesViews/SocialSpokes/Views/Checkout/_Login.cshtml b/Website/Portals/_default/HotcakesViews/SocialSpokes/Views/Checkout/_Login.cshtml index 2259d46da..f875eb91f 100644 --- a/Website/Portals/_default/HotcakesViews/SocialSpokes/Views/Checkout/_Login.cshtml +++ b/Website/Portals/_default/HotcakesViews/SocialSpokes/Views/Checkout/_Login.cshtml @@ -68,6 +68,10 @@ diff --git a/Website/Portals/_default/HotcakesViews/_default-Legacy/Scripts/Checkout.js b/Website/Portals/_default/HotcakesViews/_default-Legacy/Scripts/Checkout.js index 7e5ca7fcc..0937013e7 100644 --- a/Website/Portals/_default/HotcakesViews/_default-Legacy/Scripts/Checkout.js 
+++ b/Website/Portals/_default/HotcakesViews/_default-Legacy/Scripts/Checkout.js @@ -32,11 +32,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show(); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'dnnFormMessage dnnFormSuccess').slideDown(); @@ -49,8 +56,8 @@ else { $('#loginmessage').attr('class', 'dnnFormMessage dnnFormError').slideUp(); } - }, - "json"); + } + }); } function LoginAjax() { diff --git a/Website/Portals/_default/HotcakesViews/_default-Legacy/Views/Checkout/_Login.cshtml b/Website/Portals/_default/HotcakesViews/_default-Legacy/Views/Checkout/_Login.cshtml index 2259d46da..f875eb91f 100644 --- a/Website/Portals/_default/HotcakesViews/_default-Legacy/Views/Checkout/_Login.cshtml +++ b/Website/Portals/_default/HotcakesViews/_default-Legacy/Views/Checkout/_Login.cshtml @@ -68,6 +68,10 @@ diff --git a/Website/Portals/_default/HotcakesViews/_default/Scripts/Checkout.js b/Website/Portals/_default/HotcakesViews/_default/Scripts/Checkout.js index 4ff5d2d33..28411f2a6 100644 --- a/Website/Portals/_default/HotcakesViews/_default/Scripts/Checkout.js +++ b/Website/Portals/_default/HotcakesViews/_default/Scripts/Checkout.js 
@@ -38,11 +38,18 @@ function IsEmailKnown(forceSwitch, emailfieldid) { var emailfield = $(emailfieldid || '#customeremail').val().toLowerCase(); - $.post(hcc.getServiceUrl("checkout/IsEmailKnown"), - { - "email": emailfield + var form = $('#__AjaxAntiForgeryForm'); + var token = $('input[name="__RequestVerificationToken"]', form).val(); + + $.ajax({ + url: hcc.getServiceUrl("checkout/IsEmailKnown"), + type: 'post', + data: { + email: emailfield, + __RequestVerificationToken: token }, - function (data) { + dataType: 'json', + success: function (data) { if (data.success == "1") { $('#hcLoginSection').show(); $('#loginmessage').html(hcc.l10n.checkout_PleaseLogin).attr('class', 'dnnFormMessage dnnFormSuccess').slideDown(); @@ -55,8 +62,8 @@ else { $('#loginmessage').attr('class', 'dnnFormMessage dnnFormError').slideUp(); } - }, - "json"); + } + }); } function LoginAjax() { diff --git a/Website/Portals/_default/HotcakesViews/_default/Views/Checkout/_Login.cshtml b/Website/Portals/_default/HotcakesViews/_default/Views/Checkout/_Login.cshtml index ad0797025..70630d27f 100644 --- a/Website/Portals/_default/HotcakesViews/_default/Views/Checkout/_Login.cshtml +++ b/Website/Portals/_default/HotcakesViews/_default/Views/Checkout/_Login.cshtml @@ -81,7 +81,11 @@
- @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new {@class = "form-control"}) + @using (Html.BeginForm(null, null, FormMethod.Post, new { id = "__AjaxAntiForgeryForm" })) + { + @Html.AntiForgeryToken() + @Html.TextBox("customeremail", @Model.CurrentOrder.UserEmail, new { @class = "form-control" }) + }
\ No newline at end of file