Use base.js CSRF auto-injection for AJAX requests
- Remove manual CSRF handling from JavaScript - base.js already intercepts fetch() and adds X-CSRF-TOKEN automatically - Simplify JavaScript code for subtasks operations
This commit is contained in:
parent
1c98327de3
commit
e85390be84
|
|
@ -52,8 +52,6 @@ class TwigGlobalsExtension extends AbstractExtension
|
|||
new TwigFunction('is_module_active', [$this, 'isModuleActive'], ['is_safe' => ['html']]),
|
||||
new TwigFunction('is_module_available', [$this, 'isModuleAvailable'], ['is_safe' => ['html']]),
|
||||
new TwigFunction('csrf_meta', [$this, 'csrf_meta'], ['is_safe' => ['html']]),
|
||||
new TwigFunction('csrf_token', [$this, 'csrf_token'], ['is_safe' => ['html']]),
|
||||
new TwigFunction('csrf_hash', [$this, 'csrf_hash'], ['is_safe' => ['html']]),
|
||||
];
|
||||
}
|
||||
|
||||
|
|
@ -61,16 +59,6 @@ class TwigGlobalsExtension extends AbstractExtension
|
|||
{
|
||||
return csrf_meta();
|
||||
}
|
||||
|
||||
public function csrf_token(): string
|
||||
{
|
||||
return csrf_token();
|
||||
}
|
||||
|
||||
public function csrf_hash(): string
|
||||
{
|
||||
return csrf_hash();
|
||||
}
|
||||
// ========================================
|
||||
// Access Functions для Twig
|
||||
// ========================================
|
||||
|
|
|
|||
|
|
@ -227,13 +227,6 @@
|
|||
{% block scripts %}
|
||||
{{ parent() }}
|
||||
<script>
|
||||
function getCsrfData() {
|
||||
return {
|
||||
token: '{{ csrf_token() }}',
|
||||
hash: '{{ csrf_hash() }}'
|
||||
};
|
||||
}
|
||||
|
||||
function addSubtask(event, taskId) {
|
||||
event.preventDefault();
|
||||
const form = event.target;
|
||||
|
|
@ -242,15 +235,12 @@ function addSubtask(event, taskId) {
|
|||
|
||||
if (!title) return;
|
||||
|
||||
const csrf = getCsrfData();
|
||||
|
||||
fetch(`/tasks/${taskId}/subtasks`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'X-Requested-With': 'XMLHttpRequest',
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
},
|
||||
body: `title=${encodeURIComponent(title)}&${csrf.token}=${csrf.hash}`
|
||||
body: 'title=' + encodeURIComponent(title)
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
|
|
@ -299,15 +289,11 @@ function updateSubtasksCount() {
|
|||
}
|
||||
|
||||
function toggleSubtask(taskId, subtaskId) {
|
||||
const csrf = getCsrfData();
|
||||
|
||||
fetch(`/tasks/${taskId}/subtasks/${subtaskId}/toggle`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'X-Requested-With': 'XMLHttpRequest',
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
},
|
||||
body: `${csrf.token}=${csrf.hash}`
|
||||
}
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
|
|
@ -328,15 +314,11 @@ function toggleSubtask(taskId, subtaskId) {
|
|||
function deleteSubtask(taskId, subtaskId) {
|
||||
if (!confirm('Удалить подзадачу?')) return;
|
||||
|
||||
const csrf = getCsrfData();
|
||||
|
||||
fetch(`/tasks/${taskId}/subtasks/${subtaskId}/delete`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'X-Requested-With': 'XMLHttpRequest',
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
},
|
||||
body: `${csrf.token}=${csrf.hash}`
|
||||
}
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
|
|
|
|||
Loading…
Reference in New Issue