Bug 38993: Send CSRF token for Vue fetches

We need it for syspref at least. Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2025-03-20 16:39:30 +01:00 · 2025-03-20 16:39:30 +01:00 · 767b5be945
commit 767b5be945
parent 2fc1b5f825
1 changed files with 10 additions and 3 deletions
--- a/koha-tmpl/intranet-tmpl/prog/js/vue/fetch/http-client.js
+++ b/koha-tmpl/intranet-tmpl/prog/js/vue/fetch/http-client.js
@ -6,6 +6,7 @@ class HttpClient {
        this._headers = options.headers || {
            "Content-Type": "application/json;charset=utf-8",
        };
+        this.csrf_token = $('meta[name="csrf-token"]').attr("content");
    }

    async _fetchJSON(
@ -83,9 +84,11 @@ class HttpClient {
                ? params.body
                : JSON.stringify(params.body)
            : undefined;
+        let csrf_token = { "CSRF-TOKEN": this.csrf_token };
+        let headers = { ...csrf_token, ...params.headers };
        return this._fetchJSON(
            params.endpoint,
-            params.headers,
+            headers,
            {
                ...params.options,
                body,
@ -102,9 +105,11 @@ class HttpClient {
                ? params.body
                : JSON.stringify(params.body)
            : undefined;
+        let csrf_token = { "CSRF-TOKEN": this.csrf_token };
+        let headers = { ...csrf_token, ...params.headers };
        return this._fetchJSON(
            params.endpoint,
-            params.headers,
+            headers,
            {
                ...params.options,
                body,
@ -116,9 +121,11 @@ class HttpClient {
    }

    delete(params = {}) {
+        let csrf_token = { "CSRF-TOKEN": this.csrf_token };
+        let headers = { ...csrf_token, ...params.headers };
        return this._fetchJSON(
            params.endpoint,
-            params.headers,
+            headers,
            {
                parseResponse: false,
                ...params.options,