From 8bf0d86afdf2d76d44a0f676b5babecb699e73de Mon Sep 17 00:00:00 2001
From: Aleksey Filippov <Aleksey.Filippov@erp-flowers.ru>
Date: Sat, 28 Feb 2026 20:23:29 +0300
Subject: [PATCH] fix(ERP-247): add CSRF token to AJAX calls in WriteOffsErp
 view

$.ajax() calls for confirm-write-off and re-send-write-off were posting
without _csrf token, causing BadRequestHttpException 400 on every request.
Added yii.getCsrfToken() to data payload of both calls.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 erp24/views/write_offs_erp/view.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/erp24/views/write_offs_erp/view.php b/erp24/views/write_offs_erp/view.php
index cd56a7d9..1286b973 100644
--- a/erp24/views/write_offs_erp/view.php
+++ b/erp24/views/write_offs_erp/view.php
@@ -242,7 +242,8 @@ $this->registerJsFile('/js/plyr.min.js', ['position' => View::POS_END]);
                     type: 'POST',
                     dataType: 'json',
                     data: {
-                        id : '" . $model->id . "'
+                        id : '" . $model->id . "',
+                        _csrf: yii.getCsrfToken()
                     },
                     success: function(model) {
                         console.log(model);
@@ -295,7 +296,8 @@ $this->registerJsFile('/js/plyr.min.js', ['position' => View::POS_END]);
                                         type: 'POST',
                                         dataType: 'json',
                                         data: {
-                                            id : '" . $model->id . "'
+                                            id : '" . $model->id . "',
+                                            _csrf: yii.getCsrfToken()
                                         },
                                         success: function(model) {
                                             console.log(model);
-- 
2.39.5