fix: Delete via GET instead of AJAX

- Use GET /{id}/delete instead of DELETE - Simple link with confirm() instead of fetch - Removed CSRF for delete routes
2026-04-17 19:05:47 +08:00 · 2026-04-17 19:05:47 +08:00 · e9d2fcf1c0
parent d5318f7e16
commit e9d2fcf1c0
3 changed files with 8 additions and 61 deletions
--- a/public/index.php
+++ b/public/index.php
@ -194,9 +194,9 @@ $groupsGroup = $app->group('/groups', function ($group) use ($groupController) {
    $group->post('', [$groupController, 'store']);
    $group->get('/{id}/edit', [$groupController, 'edit']);
    $group->post('/{id}', [$groupController, 'update']);
-    $group->delete('/{id}', [$groupController, 'delete']);
+    $group->get('/{id}/delete', [$groupController, 'delete']);
    $group->get('/{id}', [$groupController, 'show']);
-})->add($csrfMiddleware)->add(new CsrfHeaderMiddleware())->add(AuthMiddleware::class);
+})->add(AuthMiddleware::class);

 // Redirect old /server/{id} to /servers/{id}
 $app->get("/server/{id}", function ($request, $response, $args) {
@ -210,11 +210,11 @@ $serversGroup = $app->group('/servers', function ($group) use ($serverController
    $group->post('', [$serverController, 'store']);
    $group->get('/{id}/edit', [$serverController, 'edit']);
    $group->post('/{id}', [$serverController, 'update']);
-    $group->delete('/{id}', [$serverController, 'delete']);
+    $group->get('/{id}/delete', [$serverController, 'delete']);
    $group->get('/{id}/regenerate-token', [$serverController, 'regenerateToken']);
    $group->post('/{id}/thresholds', [$serverDetailController, 'saveThresholds']);
    $group->post('/{id}/services', [$serverDetailController, 'saveServices']);
-})->add($csrfMiddleware)->add(new CsrfHeaderMiddleware())->add(AuthMiddleware::class);
+})->add(AuthMiddleware::class);

 // Server detail route (protected with auth middleware and csrf)
 $app->get('/servers/{id}', [$serverDetailController, 'show'])->add(AuthMiddleware::class);
--- a/templates/groups/index.twig
+++ b/templates/groups/index.twig
@ -1,33 +1,6 @@
 {% extends "layout.twig" %}

 {% block content %}
-<script>
-function deleteGroup(id) {
-    if (!confirm('Вы уверены, что хотите удалить эту группу?')) return;
-    
-    var csrfName = document.querySelector('input[name="{{ csrf.name_key }}"]');
-    var csrfValue = document.querySelector('input[name="{{ csrf.value_key }}"]');
-    
-    fetch('/groups/' + id, {
-        method: 'DELETE',
-        headers: {
-            'Content-Type': 'application/json',
-            'X-CSRF-TOKEN': csrfValue ? csrfValue.value : '',
-        }
-    })
-    .then(response => {
-        if (response.ok) {
-            location.reload();
-        } else {
-            alert('Ошибка при удалении группы');
-        }
-    })
-    .catch(err => {
-        alert('Ошибка: ' + err);
-    });
-}
-</script>
-
 <div class="row">
    <div class="col-12">
        <div class="d-flex justify-content-between align-items-center mb-3">
@ -71,9 +44,9 @@ function deleteGroup(id) {
                                    <a href="/groups/{{ group.id }}/edit" class="btn btn-sm btn-outline-primary me-1">
                                        <i class="fas fa-edit"></i> <span class="d-none d-sm-inline">Редактировать</span>
                                    </a>
-                                    <button type="button" class="btn btn-sm btn-outline-danger" onclick="deleteGroup({{ group.id }})">
+                                    <a href="/groups/{{ group.id }}/delete" class="btn btn-sm btn-outline-danger" onclick="return confirm('Вы уверены, что хотите удалить эту группу?');">
                                        <i class="fas fa-trash"></i> <span class="d-none d-sm-inline">Удалить</span>
-                                    </button>
+                                    </a>
                                </td>
                            </tr>
                            {% endfor %}
--- a/templates/servers/index.twig
+++ b/templates/servers/index.twig
@ -1,32 +1,6 @@
 {% extends "layout.twig" %}

 {% block content %}
-<script>
-function deleteServer(id) {
-    if (!confirm('Вы уверены, что хотите удалить этот сервер?')) return;
-    
-    var csrfValue = document.querySelector('input[name="{{ csrf.value_key }}"]');
-    
-    fetch('/servers/' + id, {
-        method: 'DELETE',
-        headers: {
-            'Content-Type': 'application/json',
-            'X-CSRF-TOKEN': csrfValue ? csrfValue.value : '',
-        }
-    })
-    .then(response => {
-        if (response.ok) {
-            location.reload();
-        } else {
-            alert('Ошибка при удалении сервера');
-        }
-    })
-    .catch(err => {
-        alert('Ошибка: ' + err);
-    });
-}
-</script>
-
 <div class="row">
    <div class="col-12">
        <div class="d-flex justify-content-between align-items-center mb-3">
@ -78,9 +52,9 @@ function deleteServer(id) {
                                    <a href="/servers/{{ server.id }}/edit" class="btn btn-sm btn-outline-primary" title="Редактировать">
                                        <i class="fas fa-edit"></i> <span class="d-none d-sm-inline">Редактировать</span>
                                    </a>
-                                    <button type="button" class="btn btn-sm btn-outline-danger" title="Удалить" onclick="deleteServer({{ server.id }})">
+                                    <a href="/servers/{{ server.id }}/delete" class="btn btn-sm btn-outline-danger" title="Удалить" onclick="return confirm('Вы уверены, что хотите удалить этот сервер?');">
                                        <i class="fas fa-trash"></i> <span class="d-none d-sm-inline">Удалить</span>
-                                    </button>
+                                    </a>
                                </td>
                            </tr>
                            {% endfor %}