fix: reworked csrf

2025-12-04 10:12:05 +03:00 · 2025-12-04 10:12:05 +03:00 · bd868bb724
commit bd868bb724
parent 475266eef6
16 changed files with 39 additions and 150 deletions
--- a/modules/frontend/src/api/services/DefaultService.ts
+++ b/modules/frontend/src/api/services/DefaultService.ts
@ -135,16 +135,12 @@ export class DefaultService {
     * Password updates must be done via the dedicated auth-service (`/auth/`).
     * Fields not provided in the request body remain unchanged.
     *
-     * @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
-     * Required for all state-changing requests (POST/PUT/PATCH/DELETE).
-     *
     * @param userId User ID (primary key)
     * @param requestBody
     * @returns User User updated successfully. Returns updated user representation (excluding sensitive fields).
     * @throws ApiError
     */
    public static updateUser(
-        xXsrfToken: string,
        userId: number,
        requestBody: {
            /**
@ -175,9 +171,6 @@ export class DefaultService {
            path: {
                'user_id': userId,
            },
-            headers: {
-                'X-XSRF-TOKEN': xXsrfToken,
-            },
            body: requestBody,
            mediaType: 'application/json',
            errors: {
@ -316,9 +309,6 @@ export class DefaultService {
    /**
     * Update a usertitle
     * User updating title list of watched
-     * @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
-     * Required for all state-changing requests (POST/PUT/PATCH/DELETE).
-     *
     * @param userId
     * @param titleId
     * @param requestBody
@ -326,7 +316,6 @@ export class DefaultService {
     * @throws ApiError
     */
    public static updateUserTitle(
-        xXsrfToken: string,
        userId: number,
        titleId: number,
        requestBody: {
@ -341,9 +330,6 @@ export class DefaultService {
                'user_id': userId,
                'title_id': titleId,
            },
-            headers: {
-                'X-XSRF-TOKEN': xXsrfToken,
-            },
            body: requestBody,
            mediaType: 'application/json',
            errors: {
@ -358,16 +344,12 @@ export class DefaultService {
    /**
     * Delete a usertitle
     * User deleting title from list of watched
-     * @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
-     * Required for all state-changing requests (POST/PUT/PATCH/DELETE).
-     *
     * @param userId
     * @param titleId
     * @returns any Title successfully deleted
     * @throws ApiError
     */
    public static deleteUserTitle(
-        xXsrfToken: string,
        userId: number,
        titleId: number,
    ): CancelablePromise<any> {
@ -378,9 +360,6 @@ export class DefaultService {
                'user_id': userId,
                'title_id': titleId,
            },
-            headers: {
-                'X-XSRF-TOKEN': xXsrfToken,
-            },
            errors: {
                401: `Unauthorized — missing or invalid auth token`,
                403: `Forbidden — user not allowed to delete title`,