fix(ERP-247): add CSRF token to AJAX calls in WriteOffsErp view origin/feature_filippov_fix_write_offs_erp_csrf
authorAleksey Filippov <Aleksey.Filippov@erp-flowers.ru>
Sat, 28 Feb 2026 17:23:29 +0000 (20:23 +0300)
committerAleksey Filippov <Aleksey.Filippov@erp-flowers.ru>
Sat, 28 Feb 2026 17:23:29 +0000 (20:23 +0300)
$.ajax() calls for confirm-write-off and re-send-write-off were posting
without _csrf token, causing BadRequestHttpException 400 on every request.
Added yii.getCsrfToken() to data payload of both calls.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
erp24/views/write_offs_erp/view.php

index cd56a7d992de047f1e5092bc7ea58d729f434a8c..1286b973b7b1c223b0f0ad0f0c851e0b6a0f5ed2 100644 (file)
@@ -242,7 +242,8 @@ $this->registerJsFile('/js/plyr.min.js', ['position' => View::POS_END]);
                     type: 'POST',
                     dataType: 'json',
                     data: {
-                        id : '" . $model->id . "'
+                        id : '" . $model->id . "',
+                        _csrf: yii.getCsrfToken()
                     },
                     success: function(model) {
                         console.log(model);
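Review bot: The parameter name `_csrf` is hard-coded on the added line of the `data` object (and again in the second hunk), so both calls would be rejected again if `request.csrfParam` is ever configured to a different name. Taking the key from the framework keeps client and server in step: `[yii.getCsrfParam()]: yii.getCsrfToken()`. yii.js normally also sends the token as an `X-CSRF-Token` header on same-origin jQuery requests, so it may be worth confirming why that did not apply on this page (for example a second jQuery instance, or missing CSRF meta tags), since `yii.getCsrfToken()` reads the same meta tag. The PHP string that holds this script starts and ends outside the hunk.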
@@ -295,7 +296,8 @@ $this->registerJsFile('/js/plyr.min.js', ['position' => View::POS_END]);
                                         type: 'POST',
                                         dataType: 'json',
                                         data: {
-                                            id : '" . $model->id . "'
+                                            id : '" . $model->id . "',
+                                            _csrf: yii.getCsrfToken()
                                         },
                                         success: function(model) {
                                             console.log(model);
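Review bot: `$model->id` is concatenated directly into a quoted JavaScript literal on the `id` line, here and in the first hunk, so a value containing a quote or a closing script tag would end the string early. It is presumably an integer primary key today, but encoding it keeps the generated script well-formed whatever the column type becomes. `id: " . \yii\helpers\Json::htmlEncode($model->id) . ",` emits a correctly escaped literal without the surrounding quotes. The enclosing PHP string and the `$.ajax` call begin outside the hunk.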