Fix CSRF token undefined error in user_tokens.html template

- Remove undefined csrf_token() function calls from JavaScript code - The API token management routes use session-based authentication (Flask-Login) - CSRF protection was not properly configured in the Flask application - Template now loads without Jinja2 template errors

Fix CSRF token undefined error in user_tokens.html template
- Remove undefined csrf_token() function calls from JavaScript code - The API token management routes use session-based authentication (Flask-Login) - CSRF protection was not properly configured in the Flask application - Template now loads without Jinja2 template errors
d8abcab4 · Stefy Lanza (nextime / spora ) · f4ca50d6 · d8abcab4
Commit d8abcab4 authored Aug 18, 2025 by Stefy Lanza (nextime / spora )
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 12 deletions

user_tokens.html app/templates/main/user_tokens.html +4 -12

No files found.
--- a/app/templates/main/user_tokens.html
+++ b/app/templates/main/user_tokens.html
@@ -260,8 +260,7 @@ document.getElementById('createTokenForm').addEventListener('submit', async func
        const response = await fetch('{{ url_for("main.create_api_token") }}', {
            method: 'POST',
            headers: {
-                'Content-Type': 'application/json',
-                'X-CSRFToken': '{{ csrf_token() }}'
+                'Content-Type': 'application/json'
            },
            body: JSON.stringify({ name: tokenName })
        });
@@ -308,8 +307,7 @@ document.getElementById('extendTokenForm').addEventListener('submit', async func
        const response = await fetch(`{{ url_for("main.extend_api_token", token_id=0) }}`.replace('0', currentTokenId), {
            method: 'POST',
            headers: {
-                'Content-Type': 'application/json',
-                'X-CSRFToken': '{{ csrf_token() }}'
+                'Content-Type': 'application/json'
            },
            body: JSON.stringify({ days: days })
        });
@@ -338,10 +336,7 @@ async function revokeToken(tokenId, tokenName) {
    
    try {
        const response = await fetch(`{{ url_for("main.revoke_api_token", token_id=0) }}`.replace('0', tokenId), {
-            method: 'POST',
-            headers: {
-                'X-CSRFToken': '{{ csrf_token() }}'
-            }
+            method: 'POST'
        });
        
        const data = await response.json();
@@ -365,10 +360,7 @@ async function deleteToken(tokenId, tokenName) {
    
    try {
        const response = await fetch(`{{ url_for("main.delete_api_token", token_id=0) }}`.replace('0', tokenId), {
-            method: 'DELETE',
-            headers: {
-                'X-CSRFToken': '{{ csrf_token() }}'
-            }
+            method: 'DELETE'
        });
        
        const data = await response.json();