From 767b5be9451cfd9c4479f7c3ad877e2341646648 Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Thu, 20 Mar 2025 16:39:30 +0100
Subject: [PATCH] Bug 38993: Send CSRF token for Vue fetches

We need it for syspref at least.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
---
 .../intranet-tmpl/prog/js/vue/fetch/http-client.js  | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/js/vue/fetch/http-client.js b/koha-tmpl/intranet-tmpl/prog/js/vue/fetch/http-client.js
index ffee1ce979..abb4b9e6fb 100644
--- a/koha-tmpl/intranet-tmpl/prog/js/vue/fetch/http-client.js
+++ b/koha-tmpl/intranet-tmpl/prog/js/vue/fetch/http-client.js
@@ -6,6 +6,7 @@ class HttpClient {
         this._headers = options.headers || {
             "Content-Type": "application/json;charset=utf-8",
         };
+        this.csrf_token = $('meta[name="csrf-token"]').attr("content");
     }
 
     async _fetchJSON(
@@ -83,9 +84,11 @@ class HttpClient {
                 ? params.body
                 : JSON.stringify(params.body)
             : undefined;
+        let csrf_token = { "CSRF-TOKEN": this.csrf_token };
+        let headers = { ...csrf_token, ...params.headers };
         return this._fetchJSON(
             params.endpoint,
-            params.headers,
+            headers,
             {
                 ...params.options,
                 body,
@@ -102,9 +105,11 @@ class HttpClient {
                 ? params.body
                 : JSON.stringify(params.body)
             : undefined;
+        let csrf_token = { "CSRF-TOKEN": this.csrf_token };
+        let headers = { ...csrf_token, ...params.headers };
         return this._fetchJSON(
             params.endpoint,
-            params.headers,
+            headers,
             {
                 ...params.options,
                 body,
@@ -116,9 +121,11 @@ class HttpClient {
     }
 
     delete(params = {}) {
+        let csrf_token = { "CSRF-TOKEN": this.csrf_token };
+        let headers = { ...csrf_token, ...params.headers };
         return this._fetchJSON(
             params.endpoint,
-            params.headers,
+            headers,
             {
                 parseResponse: false,
                 ...params.options,