Use base.js CSRF handling approach like kanban
- Remove manual CSRF token handling - Let base.js automatically add X-CSRF-TOKEN header - Use same approach as kanban board for AJAX requests
This commit is contained in:
parent
735ebd8bd7
commit
7badf73b50
|
|
@ -227,37 +227,6 @@
|
|||
{% block scripts %}
|
||||
{{ parent() }}
|
||||
<script>
|
||||
function getCsrfToken() {
|
||||
// 1. Пробуем из мета-тега
|
||||
const meta = document.querySelector('meta[name="csrf-token"]');
|
||||
if (meta && meta.getAttribute('content')) {
|
||||
return meta.getAttribute('content');
|
||||
}
|
||||
|
||||
// 2. Пробуем из data-атрибута body
|
||||
if (document.body && document.body.dataset.csrfToken) {
|
||||
return document.body.dataset.csrfToken;
|
||||
}
|
||||
|
||||
// 3. Пробуем из скрытого input на странице
|
||||
const csrfInput = document.querySelector('input[name*="csrf"]');
|
||||
if (csrfInput && csrfInput.value) {
|
||||
return csrfInput.value;
|
||||
}
|
||||
|
||||
// 4. Пробуем из cookie
|
||||
const cookies = document.cookie.split(';');
|
||||
for (let cookie of cookies) {
|
||||
const [name, value] = cookie.trim().split('=');
|
||||
if (name === 'csrf_cookie_name' && value) {
|
||||
return decodeURIComponent(value);
|
||||
}
|
||||
}
|
||||
|
||||
console.warn('CSRF token not found anywhere');
|
||||
return '';
|
||||
}
|
||||
|
||||
function addSubtask(event, taskId) {
|
||||
event.preventDefault();
|
||||
const form = event.target;
|
||||
|
|
@ -266,14 +235,13 @@ function addSubtask(event, taskId) {
|
|||
|
||||
if (!title) return;
|
||||
|
||||
const csrfToken = getCsrfToken();
|
||||
|
||||
fetch(`/tasks/${taskId}/subtasks`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'X-Requested-With': 'XMLHttpRequest',
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
'X-Requested-With': 'XMLHttpRequest'
|
||||
},
|
||||
body: 'title=' + encodeURIComponent(title) + '&csrf_token=' + csrfToken
|
||||
body: 'title=' + encodeURIComponent(title)
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
|
|
@ -322,14 +290,13 @@ function updateSubtasksCount() {
|
|||
}
|
||||
|
||||
function toggleSubtask(taskId, subtaskId) {
|
||||
const csrfToken = getCsrfToken();
|
||||
|
||||
fetch(`/tasks/${taskId}/subtasks/${subtaskId}/toggle`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'X-Requested-With': 'XMLHttpRequest',
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
'X-Requested-With': 'XMLHttpRequest'
|
||||
},
|
||||
body: 'csrf_token=' + csrfToken
|
||||
body: ''
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
|
|
@ -349,14 +316,13 @@ function toggleSubtask(taskId, subtaskId) {
|
|||
function deleteSubtask(taskId, subtaskId) {
|
||||
if (!confirm('Удалить подзадачу?')) return;
|
||||
|
||||
const csrfToken = getCsrfToken();
|
||||
|
||||
fetch(`/tasks/${taskId}/subtasks/${subtaskId}/delete`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'X-Requested-With': 'XMLHttpRequest',
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
'X-Requested-With': 'XMLHttpRequest'
|
||||
},
|
||||
body: 'csrf_token=' + csrfToken
|
||||
body: ''
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
|
|
|
|||
Loading…
Reference in New Issue