From 2959a4d2bf6e800da3c1f9c82a3e34b40370e59b Mon Sep 17 00:00:00 2001 From: Tali Auster Date: Sat, 29 Mar 2025 14:16:06 -0600 Subject: [PATCH] fix: clarify share flow in UI Prior to this commit, to share an entry, a user has to click on the share link and then copy the URL they are redirected to. The danger is that they may right-click and copy the share link without actually clicking on it, and therefore share a link that, when authenticated, shares the entry, rather than actually sharing the entry. Here, we avoid this misinterpretation by making sharing into a POST request and using a form rather than a link. --- internal/template/templates/views/entry.html | 11 ++++++----- internal/ui/ui.go | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/internal/template/templates/views/entry.html b/internal/template/templates/views/entry.html index fea2686b..7b613965 100644 --- a/internal/template/templates/views/entry.html +++ b/internal/template/templates/views/entry.html @@ -67,11 +67,12 @@ {{ else }}
  • - {{ icon "share" }}{{ t "entry.share.label" }} +
    + + +
    • {{ end }}
  • diff --git a/internal/ui/ui.go b/internal/ui/ui.go index a34656ec..f6a55c74 100644 --- a/internal/ui/ui.go +++ b/internal/ui/ui.go @@ -108,7 +108,7 @@ func Serve(router *mux.Router, store *storage.Storage, pool *worker.Pool) { uiRouter.HandleFunc("/entry/bookmark/{entryID}", handler.toggleBookmark).Name("toggleBookmark").Methods(http.MethodPost) // Share pages. - uiRouter.HandleFunc("/entry/share/{entryID}", handler.createSharedEntry).Name("shareEntry").Methods(http.MethodGet) + uiRouter.HandleFunc("/entry/share/{entryID}", handler.createSharedEntry).Name("shareEntry").Methods(http.MethodPost) uiRouter.HandleFunc("/entry/unshare/{entryID}", handler.unshareEntry).Name("unshareEntry").Methods(http.MethodPost) uiRouter.HandleFunc("/share/{shareCode}", handler.sharedEntry).Name("sharedEntry").Methods(http.MethodGet) uiRouter.HandleFunc("/shares", handler.sharedEntries).Name("sharedEntries").Methods(http.MethodGet)