Show - Form hack with vote buttons - CSRF protection

LandingPage/static/css/style.css

@@ -181,6 +181,9 @@ a.episode .submission_cnt {
   cursor: pointer;
   text-decoration: none;
 }
+.vote-btns form {
+  display: inline-block;
+}
 .vote-positive {
   background-color: #a4ffa7;
   color: #008005;

Show/templates/episode.html

@@ -41,12 +41,18 @@
 	<div class="submission{% if sbm.positives < sbm.negatives %} buried{% endif %}">
 		<a href="{{sbm.url}}" class="link"><i class="fa fa-fw fa-globe"></i>&nbsp;{{sbm.url}}</a>
 		<div class="vote-btns" data-vote-id="{{sbm.id}}">
-			<a href="/show/{{show.abbr}}/vote/{{sbm.id}}/1" class="vote-positive">
+			<form method="POST" action="/show/{{show.abbr}}/vote/{{sbm.id}}/1">
+				{% csrf_token %}
+				<button class="vote-positive">
 					<i class="fa fa-fw fa-thumbs-up"></i>&nbsp;{{sbm.positives}}
-			</a>
-			<a href="/show/{{show.abbr}}/vote/{{sbm.id}}/0" class="vote-negative">
+				</button>
+			</form>
+			<form method="POST" action="/show/{{show.abbr}}/vote/{{sbm.id}}/0">
+				{% csrf_token %}
+				<button class="vote-negative">
 					<i class="fa fa-fw fa-thumbs-down"></i>&nbsp;{{sbm.negatives}}
-			</a>
+				</button>
+			</form>
 		</div>
 	</div>
 	{% empty %}

Show/views.py

@@ -145,7 +145,7 @@ def SubmissionForm(req, abbreviation, season, episode):
 # Vote request
 # /show/{{abbr}}/vote/{{submission id}}/{{positive == 1}}
 class SubmissionVoteSubmit(View):
-    def get (self, req, abbreviation, subid, positive):
+    def post (self, req, abbreviation, subid, positive):
         # Convert positive parameter into a boolean
         pos_bool = int(positive) == 1