From dd07295750949cd22e970fc3660b11520a06ad96 Mon Sep 17 00:00:00 2001
From: Aleksey Filippov <Aleksey.Filippov@erp-flowers.ru>
Date: Sat, 28 Feb 2026 23:34:13 +0300
Subject: [PATCH] fix: add _csrf token to delete-video AJAX in write_offs_erp
 form

POST request to write-offs-erp/delete-video was missing _csrf token,
causing 400 BadRequestHttpException on every video removal.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 erp24/views/write_offs_erp/_form.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/erp24/views/write_offs_erp/_form.php b/erp24/views/write_offs_erp/_form.php
index 26c65037..ed152eb0 100644
--- a/erp24/views/write_offs_erp/_form.php
+++ b/erp24/views/write_offs_erp/_form.php
@@ -364,6 +364,7 @@ $this->registerJsFile('/js/heic_to_jpg_replace.js', ['position' => \yii\web\View
                                             url: deleteUrl,
                                             type: 'POST',
                                             dataType: 'json',
+                                            data: { _csrf: yii.getCsrfToken() },
                                             success: function(response) {
                                                 if (!response.success) {
                                                     alert('ÐÑÐ¸Ð±ÐºÐ° ÑÐ´Ð°Ð»ÐµÐ½Ð¸Ñ Ð²Ð¸Ð´ÐµÐ¾');
-- 
2.39.5