From b4bb0235c3e843f56cf5cdf052a74f817a8da7d9 Mon Sep 17 00:00:00 2001
From: Claude Chronicler #88 <claude@firefrostgaming.com>
Date: Tue, 14 Apr 2026 16:09:04 +0000
Subject: [PATCH] fix: add CSRF token to saveVersion fetch call

---
 .../arbiter-3.0/src/views/admin/servers/index.ejs   | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/services/arbiter-3.0/src/views/admin/servers/index.ejs b/services/arbiter-3.0/src/views/admin/servers/index.ejs
index 6073f0d..ef475b4 100644
--- a/services/arbiter-3.0/src/views/admin/servers/index.ejs
+++ b/services/arbiter-3.0/src/views/admin/servers/index.ejs
@@ -49,17 +49,20 @@ async function saveVersion(identifier) {
     try {
         const res = await fetch('/admin/servers/' + identifier + '/set-version', {
             method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
+            headers: {
+                'Content-Type': 'application/json',
+                'CSRF-Token': document.querySelector('meta[name="csrf-token"]') ?
+                    document.querySelector('meta[name="csrf-token"]').content :
+                    '<%= csrfToken %>'
+            },
             body: JSON.stringify({ version })
         });
         const text = await res.text();
         result.innerHTML = text;
 
         if (res.ok) {
-            const display = document.getElementById('version-display-' + identifier);
-            const span = display.querySelector('span');
-            span.textContent = version;
-            span.style.color = '#4ade80';
+            const span = document.getElementById('version-text-' + identifier);
+            if (span) { span.textContent = version; span.style.color = '#4ade80'; }
         }
     } catch (err) {
         result.innerHTML = '<span style="color:#ef4444">❌ Failed to save</span>';