[ERP-271] disable csrf validation for pending

author Alexander Smirnov <fredeom@mail.ru>

Wed, 25 Dec 2024 07:36:38 +0000 (10:36 +0300)

committer Alexander Smirnov <fredeom@mail.ru>

Wed, 25 Dec 2024 07:36:38 +0000 (10:36 +0300)
author Alexander Smirnov <fredeom@mail.ru>
Wed, 25 Dec 2024 07:36:38 +0000 (10:36 +0300)
committer Alexander Smirnov <fredeom@mail.ru>
Wed, 25 Dec 2024 07:36:38 +0000 (10:36 +0300)
diff --git a/erp24/controllers/NotificationController.php b/erp24/controllers/NotificationController.php

index fc866ac5c056118d8fe31418f0a07a10402b2d46..0e0bf65efb2eee22c8a130d6e93dae5a30a3d999 100644 (file)
--- a/erp24/controllers/NotificationController.php
+++ b/erp24/controllers/NotificationController.php
@@ -19,6 +19,15 @@ class NotificationController extends Controller
          ];
      }
  
+    public function beforeAction($action)
+    {
+        if ($action->id == 'pending') {
+            $this->enableCsrfValidation = false;
+        }
+
+        return parent::beforeAction($action);
+    }
+
      public function actionDelete($id) {
          $notification = Notification::findOne($id);
          if ($notification && (Yii::$app->user->id == $notification->created_by || Yii::$app->user->can('notification/deleteAll'))) {
diff --git a/erp24/log/TelegramTarget.php b/erp24/log/TelegramTarget.php

index 24d037addf3e72b1ccd81b6b690bd6cb28db07cc..fe478987d86ec8670ac9c5cbffdd5d9653bd9b33 100644 (file)
--- a/erp24/log/TelegramTarget.php
+++ b/erp24/log/TelegramTarget.php
@@ -126,9 +126,6 @@ class TelegramTarget extends \yii\log\Target
              $level .= '```' . $message->getCommandLine() . '```';
          } else {
              $level .= '[' . $message->getUrl() . '](' . $message->getUrl() . ')';
-            if (str_contains($message->getUrl(), "erp-flowers.ru/notification/pending")) {
-                return;
-            }
          }
  
          // Текст сообщения
diff --git a/erp24/web/js/notification.js b/erp24/web/js/notification.js

index 60cd23c9da6af213339c223bdb3508a46f267407..36846286283dc4b91a745611736db31fa10824db 100644 (file)
--- a/erp24/web/js/notification.js
+++ b/erp24/web/js/notification.js
@@ -1,5 +1,3 @@
-const param1 = $('meta[name=csrf-param]').attr("content");
-const token1 = $('meta[name=csrf-token]').attr("content");
  let pendingAllowed = true;
  
  setTimeout(initPendingNotifications, 3000);
@@ -38,7 +36,7 @@ function pendingNotifications() {
      $.ajax({
          method: 'POST',
          url: window.location.origin + '/notification/pending',
-        data: { action: 'pendingNotifications', [param1]: token1},
+        data: { action: 'pendingNotifications'},
          dataType: "json",
          success: function (data) {
              updateKolokolchik(data);
@@ -59,7 +57,7 @@ function notificationIsShown(notification_id) {
      $.ajax({
          method: 'POST',
          url: window.location.origin + '/notification/pending',
-        data: {action: 'notificationIsShown', notification_id, [param1]: token1},
+        data: {action: 'notificationIsShown', notification_id},
          dataType: "json",
          success: function (data) { }
      });
author	Alexander Smirnov <fredeom@mail.ru>
	Wed, 25 Dec 2024 07:36:38 +0000 (10:36 +0300)
committer	Alexander Smirnov <fredeom@mail.ru>
	Wed, 25 Dec 2024 07:36:38 +0000 (10:36 +0300)
erp24/controllers/NotificationController.php		patch \| blob \| history
erp24/log/TelegramTarget.php		patch \| blob \| history
erp24/web/js/notification.js		patch \| blob \| history