Use base.js CSRF auto-injection for AJAX requests

- Remove manual CSRF handling from JavaScript
- base.js already intercepts fetch() and adds X-CSRF-TOKEN automatically
- Simplify JavaScript code for subtasks operations

app/Libraries/Twig/TwigGlobalsExtension.php

@@ -52,8 +52,6 @@ class TwigGlobalsExtension extends AbstractExtension
             new TwigFunction('is_module_active', [$this, 'isModuleActive'], ['is_safe' => ['html']]),
             new TwigFunction('is_module_available', [$this, 'isModuleAvailable'], ['is_safe' => ['html']]),
             new TwigFunction('csrf_meta', [$this, 'csrf_meta'], ['is_safe' => ['html']]),
-            new TwigFunction('csrf_token', [$this, 'csrf_token'], ['is_safe' => ['html']]),
-            new TwigFunction('csrf_hash', [$this, 'csrf_hash'], ['is_safe' => ['html']]),
         ];
     }
 
@@ -61,16 +59,6 @@ class TwigGlobalsExtension extends AbstractExtension
     {
         return csrf_meta();
     }
-
-    public function csrf_token(): string
-    {
-        return csrf_token();
-    }
-
-    public function csrf_hash(): string
-    {
-        return csrf_hash();
-    }
     // ========================================
     // Access Functions для Twig
     // ========================================

app/Modules/Tasks/Views/tasks/show.twig

@@ -227,13 +227,6 @@
 {% block scripts %}
 {{ parent() }}
 <script>
-function getCsrfData() {
-    return {
-        token: '{{ csrf_token() }}',
-        hash: '{{ csrf_hash() }}'
-    };
-}
-
 function addSubtask(event, taskId) {
     event.preventDefault();
     const form = event.target;
@@ -242,15 +235,12 @@ function addSubtask(event, taskId) {
 
     if (!title) return;
 
-    const csrf = getCsrfData();
-
     fetch(`/tasks/${taskId}/subtasks`, {
         method: 'POST',
         headers: {
             'X-Requested-With': 'XMLHttpRequest',
-            'Content-Type': 'application/x-www-form-urlencoded',
         },
-        body: `title=${encodeURIComponent(title)}&${csrf.token}=${csrf.hash}`
+        body: 'title=' + encodeURIComponent(title)
     })
     .then(response => response.json())
     .then(data => {
@@ -299,15 +289,11 @@ function updateSubtasksCount() {
 }
 
 function toggleSubtask(taskId, subtaskId) {
-    const csrf = getCsrfData();
-
     fetch(`/tasks/${taskId}/subtasks/${subtaskId}/toggle`, {
         method: 'POST',
         headers: {
             'X-Requested-With': 'XMLHttpRequest',
-            'Content-Type': 'application/x-www-form-urlencoded',
+        }
-        },
-        body: `${csrf.token}=${csrf.hash}`
     })
     .then(response => response.json())
     .then(data => {
@@ -328,15 +314,11 @@ function toggleSubtask(taskId, subtaskId) {
 function deleteSubtask(taskId, subtaskId) {
     if (!confirm('Удалить подзадачу?')) return;
 
-    const csrf = getCsrfData();
-
     fetch(`/tasks/${taskId}/subtasks/${subtaskId}/delete`, {
         method: 'POST',
         headers: {
             'X-Requested-With': 'XMLHttpRequest',
-            'Content-Type': 'application/x-www-form-urlencoded',
+        }
-        },
-        body: `${csrf.token}=${csrf.hash}`
     })
     .then(response => response.json())
     .then(data => {