mirivlad
/
bp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use base.js CSRF handling approach like kanban 

- Remove manual CSRF token handling
- Let base.js automatically add X-CSRF-TOKEN header
- Use same approach as kanban board for AJAX requests
This commit is contained in:
Vladimir Tomashevskiy 2026-02-08 17:59:09 +00:00
parent 735ebd8bd7
commit 7badf73b50
1 changed files with 9 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
app/Modules/Tasks/Views/tasks/show.twig
View File

@ -227,37 +227,6 @@
{% block scripts %} {% block scripts %}
{{ parent() }} {{ parent() }}
<script> <script>
function getCsrfToken() {
// 1. Пробуем из мета-тега
const meta = document.querySelector('meta[name="csrf-token"]');
if (meta && meta.getAttribute('content')) {
return meta.getAttribute('content');
}
// 2. Пробуем из data-атрибута body
if (document.body && document.body.dataset.csrfToken) {
return document.body.dataset.csrfToken;
}
// 3. Пробуем из скрытого input на странице
const csrfInput = document.querySelector('input[name*="csrf"]');
if (csrfInput && csrfInput.value) {
return csrfInput.value;
}
// 4. Пробуем из cookie
const cookies = document.cookie.split(';');
for (let cookie of cookies) {
const [name, value] = cookie.trim().split('=');
if (name === 'csrf_cookie_name' && value) {
return decodeURIComponent(value);
}
}
console.warn('CSRF token not found anywhere');
return '';
}
function addSubtask(event, taskId) { function addSubtask(event, taskId) {
event.preventDefault(); event.preventDefault();
const form = event.target; const form = event.target;
@ -266,14 +235,13 @@ function addSubtask(event, taskId) {
if (!title) return; if (!title) return;
const csrfToken = getCsrfToken();
fetch(`/tasks/${taskId}/subtasks`, { fetch(`/tasks/${taskId}/subtasks`, {
method: 'POST', method: 'POST',
headers: { headers: {
'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest'
}, },
body: 'title=' + encodeURIComponent(title) + '&csrf_token=' + csrfToken body: 'title=' + encodeURIComponent(title)
}) })
.then(response => response.json()) .then(response => response.json())
.then(data => { .then(data => {
@ -322,14 +290,13 @@ function updateSubtasksCount() {
} }
function toggleSubtask(taskId, subtaskId) { function toggleSubtask(taskId, subtaskId) {
const csrfToken = getCsrfToken();
fetch(`/tasks/${taskId}/subtasks/${subtaskId}/toggle`, { fetch(`/tasks/${taskId}/subtasks/${subtaskId}/toggle`, {
method: 'POST', method: 'POST',
headers: { headers: {
'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest'
}, },
body: 'csrf_token=' + csrfToken body: ''
}) })
.then(response => response.json()) .then(response => response.json())
.then(data => { .then(data => {
@ -349,14 +316,13 @@ function toggleSubtask(taskId, subtaskId) {
function deleteSubtask(taskId, subtaskId) { function deleteSubtask(taskId, subtaskId) {
if (!confirm('Удалить подзадачу?')) return; if (!confirm('Удалить подзадачу?')) return;
const csrfToken = getCsrfToken();
fetch(`/tasks/${taskId}/subtasks/${subtaskId}/delete`, { fetch(`/tasks/${taskId}/subtasks/${subtaskId}/delete`, {
method: 'POST', method: 'POST',
headers: { headers: {
'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest'
}, },
body: 'csrf_token=' + csrfToken body: ''
}) })
.then(response => response.json()) .then(response => response.json())
.then(data => { .then(data => {