feat: send xsrf_token header

2025-12-04 07:17:31 +03:00 · 2025-12-04 07:17:31 +03:00 · 1bbfa338d9
commit 1bbfa338d9
parent b79a6b9117
15 changed files with 151 additions and 27 deletions
--- a/modules/frontend/src/api/services/DefaultService.ts
+++ b/modules/frontend/src/api/services/DefaultService.ts
@ -135,12 +135,16 @@ export class DefaultService {
     * Password updates must be done via the dedicated auth-service (`/auth/`).
     * Fields not provided in the request body remain unchanged.
     *
+     * @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
+     * Required for all state-changing requests (POST/PUT/PATCH/DELETE).
+     *
     * @param userId User ID (primary key)
     * @param requestBody
     * @returns User User updated successfully. Returns updated user representation (excluding sensitive fields).
     * @throws ApiError
     */
    public static updateUser(
+        xXsrfToken: string,
        userId: number,
        requestBody: {
            /**
@ -171,6 +175,9 @@ export class DefaultService {
            path: {
                'user_id': userId,
            },
+            headers: {
+                'X-XSRF-TOKEN': xXsrfToken,
+            },
            body: requestBody,
            mediaType: 'application/json',
            errors: {
@ -309,6 +316,9 @@ export class DefaultService {
    /**
     * Update a usertitle
     * User updating title list of watched
+     * @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
+     * Required for all state-changing requests (POST/PUT/PATCH/DELETE).
+     *
     * @param userId
     * @param titleId
     * @param requestBody
@ -316,6 +326,7 @@ export class DefaultService {
     * @throws ApiError
     */
    public static updateUserTitle(
+        xXsrfToken: string,
        userId: number,
        titleId: number,
        requestBody: {
@ -330,6 +341,9 @@ export class DefaultService {
                'user_id': userId,
                'title_id': titleId,
            },
+            headers: {
+                'X-XSRF-TOKEN': xXsrfToken,
+            },
            body: requestBody,
            mediaType: 'application/json',
            errors: {
@ -344,12 +358,16 @@ export class DefaultService {
    /**
     * Delete a usertitle
     * User deleting title from list of watched
+     * @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
+     * Required for all state-changing requests (POST/PUT/PATCH/DELETE).
+     *
     * @param userId
     * @param titleId
     * @returns any Title successfully deleted
     * @throws ApiError
     */
    public static deleteUserTitle(
+        xXsrfToken: string,
        userId: number,
        titleId: number,
    ): CancelablePromise<any> {
@ -360,6 +378,9 @@ export class DefaultService {
                'user_id': userId,
                'title_id': titleId,
            },
+            headers: {
+                'X-XSRF-TOKEN': xXsrfToken,
+            },
            errors: {
                401: `Unauthorized — missing or invalid auth token`,
                403: `Forbidden — user not allowed to delete title`,