From: Alexander Smirnov Date: Wed, 25 Dec 2024 07:36:38 +0000 (+0300) Subject: [ERP-271] disable csrf validation for pending X-Git-Tag: 1.7~109^2 X-Git-Url: https://gitweb.erp-flowers.ru/?a=commitdiff_plain;h=a0946837ca7721eb755f79db94fbc8a22611da64;p=erp24_rep%2Fyii-erp24%2F.git [ERP-271] disable csrf validation for pending --- diff --git a/erp24/controllers/NotificationController.php b/erp24/controllers/NotificationController.php index fc866ac5..0e0bf65e 100644 --- a/erp24/controllers/NotificationController.php +++ b/erp24/controllers/NotificationController.php @@ -19,6 +19,15 @@ class NotificationController extends Controller ]; } + public function beforeAction($action) + { + if ($action->id == 'pending') { + $this->enableCsrfValidation = false; + } + + return parent::beforeAction($action); + } + public function actionDelete($id) { $notification = Notification::findOne($id); if ($notification && (Yii::$app->user->id == $notification->created_by || Yii::$app->user->can('notification/deleteAll'))) { diff --git a/erp24/log/TelegramTarget.php b/erp24/log/TelegramTarget.php index 24d037ad..fe478987 100644 --- a/erp24/log/TelegramTarget.php +++ b/erp24/log/TelegramTarget.php @@ -126,9 +126,6 @@ class TelegramTarget extends \yii\log\Target $level .= '```' . $message->getCommandLine() . '```'; } else { $level .= '[' . $message->getUrl() . '](' . $message->getUrl() . ')'; - if (str_contains($message->getUrl(), "erp-flowers.ru/notification/pending")) { - return; - } } // Текст сообщения diff --git a/erp24/web/js/notification.js b/erp24/web/js/notification.js index 60cd23c9..36846286 100644 --- a/erp24/web/js/notification.js +++ b/erp24/web/js/notification.js @@ -1,5 +1,3 @@ -const param1 = $('meta[name=csrf-param]').attr("content"); -const token1 = $('meta[name=csrf-token]').attr("content"); let pendingAllowed = true; setTimeout(initPendingNotifications, 3000); 
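Review bot: Setting `enableCsrfValidation = false` for the whole `pending` action in `beforeAction()` also exempts the `notificationIsShown` request that notification.js posts to the same URL. That request appears to change server state, so a cross-site POST sent with the user's session cookie would be accepted unless the cookie's SameSite policy blocks it. If the aim is only to stop the polling request from failing validation (inferred from the log filter removed in TelegramTarget.php), limit the exemption to the read-only poll and compare strictly: `if ($action->id === 'pending' && Yii::$app->request->post('action') === 'pendingNotifications') {`. A short comment above the condition would record why the check is skipped, for example `// CSRF check skipped only for the read-only notification poll (ERP-271)`. The method is complete in the hunk, but the enclosing class begins and continues outside it.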
@@ -38,7 +36,7 @@ function pendingNotifications() { $.ajax({ method: 'POST', url: window.location.origin + '/notification/pending', - data: { action: 'pendingNotifications', [param1]: token1}, + data: { action: 'pendingNotifications'}, dataType: "json", success: function (data) { updateKolokolchik(data); @@ -59,7 +57,7 @@ function notificationIsShown(notification_id) { $.ajax({ method: 'POST', url: window.location.origin + '/notification/pending', - data: {action: 'notificationIsShown', notification_id, [param1]: token1}, + data: {action: 'notificationIsShown', notification_id}, dataType: "json", success: function (data) { } });
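Review bot: The `notificationIsShown` call in `@@ -59,7 +57,7 @@` now posts what looks like a state change with no anti-CSRF token, and the poll in `@@ -38,7 +36,7 @@` drops it as well. Combined with the server-side exemption in this commit, nothing ties these requests to a page the application served. If the earlier failures came from the token being cached once in the module-level constants (an inference; the cause is not visible here), reading it at request time keeps the protection: `headers: {'X-CSRF-Token': $('meta[name=csrf-token]').attr('content')},`. The `notificationIsShown` call also has an empty `success` callback and no `error` handler, so a rejected request goes unnoticed on the client. Both enclosing functions start outside their hunks.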