- Disable CSRF validation on ShiftReminderController: endpoint is
protected by session authentication (AccessControl, roles=['@']).
CSRF cookies may be absent in browsers with strict privacy settings,
causing false 400 errors for legitimate authenticated users.
- Stop retrying on 400/401/403 responses in shift-reminder.js to prevent
cascading error floods in logs when auth/validation fails.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
*/
class ShiftReminderController extends Controller
{
+ /**
+ * Disable CSRF validation — endpoint is protected by session authentication
+ * (AccessControl requires authenticated user). CSRF cookies may be absent
+ * in browsers with strict privacy settings, causing false 400 errors.
+ */
+ public $enableCsrfValidation = false;
+
/**
* {@inheritdoc}
*/
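Review bot: The added `public $enableCsrfValidation = false;` removes the controller's only defence against forged cross-site requests, and the docblock's reasoning does not hold: session authentication via AccessControl is what CSRF abuses, because the browser attaches the session cookie to a forged request automatically. Yii only validates the token on non-safe methods, so the 400s were presumably on POST requests; any state-changing action in this class (not visible here, the class body continues outside the hunk) becomes forgeable for every logged-in user. Keep validation enabled and have shift-reminder.js send the token instead, for example a request header `'X-CSRF-Token': yii.getCsrfToken()`. If the missing CSRF cookie is the real cause, setting `'enableCsrfCookie' => false` on the `request` component stores the token in the session rather than a cookie. If validation must stay off, the docblock should say which actions are read-only and why forgery is harmless there, rather than citing authentication.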
return;
}
+ if (xhr.status === 400 || xhr.status === 401 || xhr.status === 403) {
+ // Auth/validation error - no point retrying, stop polling
+ console.error('ShiftReminder: server rejected request (' + xhr.status + '), polling stopped.');
+ return;
+ }
+
// Network error - implement exponential backoff
if (state.retryCount < CONFIG.retryIntervals.length - 1) {
state.retryCount++;
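Review bot: The added status check lists only 400, 401 and 403, so other client errors that cannot succeed on retry (404, 405, 422) still fall through to the branch commented "Network error" and keep polling with backoff. A range test covers them while leaving the retryable ones alone: `if (xhr.status >= 400 && xhr.status < 500 && xhr.status !== 408 && xhr.status !== 429) {`. The stop is also reported only through `console.error`, so after a session expiry (401) the user silently stops receiving reminders; a visible notice or a re-login prompt would make that failure observable. The enclosing handler starts and ends outside the hunk, so whether anything else restarts polling cannot be confirmed from here.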