custom JS removed in favor of proper CSRF implementation

2026-06-21 18:22:21 +02:00
parent 86888b3877
commit db6b609937
25 changed files with 94 additions and 72 deletions
--- a/assets/views/admin/orders/show.html
+++ b/assets/views/admin/orders/show.html
@@ -110,6 +110,7 @@
      <p class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-send-hint", lang=lang | default(value='sk')) }}</p>
      <form method="post" action="/admin/orders/{{ order.id }}/ship"
        onsubmit="return confirm('{{ t(key="order-send-confirm", lang=lang | default(value='sk')) }}')">
+  {{ ui::csrf_field() }}
        {% set carrier_up = carrier | upper %}
        {% set ship_label = t(key="order-send-to-carrier", lang=lang | default(value='sk')) ~ " " ~ carrier_up %}
        {{ ui::button(label=ship_label, type="submit", extra="w-full") }}
@@ -118,6 +119,7 @@
    </div>

    <form method="post" action="/admin/orders/{{ order.id }}/status" class="space-y-3 rounded-radius border border-outline bg-surface p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
+  {{ ui::csrf_field() }}
      <label for="status" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="order-status", lang=lang | default(value='sk')) }}</label>
      <div class="relative">
        <select id="status" name="status"