From e9d2fcf1c0d289602d9dda027804b40a0d92ae59 Mon Sep 17 00:00:00 2001 From: mirivlad Date: Fri, 17 Apr 2026 19:05:47 +0800 Subject: [PATCH] fix: Delete via GET instead of AJAX - Use GET /{id}/delete instead of DELETE - Simple link with confirm() instead of fetch - Removed CSRF for delete routes --- public/index.php | 8 ++++---- templates/groups/index.twig | 31 ++----------------------------- templates/servers/index.twig | 30 ++---------------------------- 3 files changed, 8 insertions(+), 61 deletions(-) diff --git a/public/index.php b/public/index.php index 9f4f8ac..49c09d0 100755 --- a/public/index.php +++ b/public/index.php @@ -194,9 +194,9 @@ $groupsGroup = $app->group('/groups', function ($group) use ($groupController) { $group->post('', [$groupController, 'store']); $group->get('/{id}/edit', [$groupController, 'edit']); $group->post('/{id}', [$groupController, 'update']); - $group->delete('/{id}', [$groupController, 'delete']); + $group->get('/{id}/delete', [$groupController, 'delete']); $group->get('/{id}', [$groupController, 'show']); -})->add($csrfMiddleware)->add(new CsrfHeaderMiddleware())->add(AuthMiddleware::class); +})->add(AuthMiddleware::class); // Redirect old /server/{id} to /servers/{id} $app->get("/server/{id}", function ($request, $response, $args) { @@ -210,11 +210,11 @@ $serversGroup = $app->group('/servers', function ($group) use ($serverController $group->post('', [$serverController, 'store']); $group->get('/{id}/edit', [$serverController, 'edit']); $group->post('/{id}', [$serverController, 'update']); - $group->delete('/{id}', [$serverController, 'delete']); + $group->get('/{id}/delete', [$serverController, 'delete']); $group->get('/{id}/regenerate-token', [$serverController, 'regenerateToken']); $group->post('/{id}/thresholds', [$serverDetailController, 'saveThresholds']); $group->post('/{id}/services', [$serverDetailController, 'saveServices']); -})->add($csrfMiddleware)->add(new CsrfHeaderMiddleware())->add(AuthMiddleware::class); +})->add(AuthMiddleware::class); // Server detail route (protected with auth middleware and csrf) $app->get('/servers/{id}', [$serverDetailController, 'show'])->add(AuthMiddleware::class); diff --git a/templates/groups/index.twig b/templates/groups/index.twig index ae8dfdd..66b2613 100755 --- a/templates/groups/index.twig +++ b/templates/groups/index.twig @@ -1,33 +1,6 @@ {% extends "layout.twig" %} {% block content %} - -
@@ -71,9 +44,9 @@ function deleteGroup(id) { Редактировать - + {% endfor %} diff --git a/templates/servers/index.twig b/templates/servers/index.twig index 713a142..7d610c3 100755 --- a/templates/servers/index.twig +++ b/templates/servers/index.twig @@ -1,32 +1,6 @@ {% extends "layout.twig" %} {% block content %} - -
@@ -78,9 +52,9 @@ function deleteServer(id) { Редактировать - + {% endfor %}