maciejpi/nordabiz
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: Add CSRF token to admin membership detail fetch requests

Browse Source 
All AJAX calls in membership_detail.html now include X-CSRFToken header
to prevent 'Błąd połączenia' errors when performing admin actions like
start-review, approve, reject, request-changes, and registry lookup.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Maciej Pienczyn 2026-02-01 14:11:59 +01:00
parent ebc3dd63d3
commit 3e23bd3e4e
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
templates/admin/membership_detail.html
View File

@ -794,6 +794,7 @@
{% block extra_js %}
const appId = {{ application.id }};
const appNip = '{{ application.nip or "" }}';
const csrfToken = '{{ csrf_token() }}';
let registryData = null;
// Pobieranie danych z rejestru
@ -815,7 +816,7 @@ async function lookupRegistry() {
try {
const response = await fetch('/api/membership/lookup-nip', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
headers: { 'Content-Type': 'application/json', 'X-CSRFToken': csrfToken },
body: JSON.stringify({ nip: appNip })
});
@ -912,7 +913,7 @@ async function applyRegistryData() {
try {
const response = await fetch(`/admin/membership/${appId}/update-from-registry`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
headers: { 'Content-Type': 'application/json', 'X-CSRFToken': csrfToken },
body: JSON.stringify(registryData)
});
@ -948,7 +949,7 @@ async function startReview() {
try {
const response = await fetch(`/admin/membership/${appId}/start-review`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' }
headers: { 'Content-Type': 'application/json', 'X-CSRFToken': csrfToken }
});
const result = await response.json();
if (result.success) {
@ -968,7 +969,7 @@ async function approve() {
try {
const response = await fetch(`/admin/membership/${appId}/approve`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
headers: { 'Content-Type': 'application/json', 'X-CSRFToken': csrfToken },
body: JSON.stringify({ category_id: categoryId || null, comment: comment })
});
const result = await response.json();
@ -993,7 +994,7 @@ async function reject() {
try {
const response = await fetch(`/admin/membership/${appId}/reject`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
headers: { 'Content-Type': 'application/json', 'X-CSRFToken': csrfToken },
body: JSON.stringify({ comment: comment })
});
const result = await response.json();
@ -1017,7 +1018,7 @@ async function requestChanges() {
try {
const response = await fetch(`/admin/membership/${appId}/request-changes`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
headers: { 'Content-Type': 'application/json', 'X-CSRFToken': csrfToken },
body: JSON.stringify({ comment: comment })
});
const result = await response.json();