fix: add CSRF token to saveVersion fetch call

2026-04-14 16:09:04 +00:00
parent ccc7568c06
commit b4bb0235c3
1 changed files with 8 additions and 5 deletions
--- a/services/arbiter-3.0/src/views/admin/servers/index.ejs
+++ b/services/arbiter-3.0/src/views/admin/servers/index.ejs
@@ -49,17 +49,20 @@ async function saveVersion(identifier) {
    try {
        const res = await fetch('/admin/servers/' + identifier + '/set-version', {
            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
+            headers: {
+                'Content-Type': 'application/json',
+                'CSRF-Token': document.querySelector('meta[name="csrf-token"]') ?
+                    document.querySelector('meta[name="csrf-token"]').content :
+                    '<%= csrfToken %>'
+            },
            body: JSON.stringify({ version })
        });
        const text = await res.text();
        result.innerHTML = text;

        if (res.ok) {
-            const display = document.getElementById('version-display-' + identifier);
-            const span = display.querySelector('span');
-            span.textContent = version;
-            span.style.color = '#4ade80';
+            const span = document.getElementById('version-text-' + identifier);
+            if (span) { span.textContent = version; span.style.color = '#4ade80'; }
        }
    } catch (err) {
        result.innerHTML = '<span style="color:#ef4444">❌ Failed to save</span>';