add CSRF protection for AJAX requests

2025-07-17 09:58:55 +04:00
parent 8c5737cb28
commit 86663fd27c
2 changed files with 13 additions and 1 deletions
@@ -22,13 +22,19 @@ document.addEventListener("DOMContentLoaded", () => {
      this.textContent = "Chargement...";
      this.disabled = true;

+      // Préparer les données avec token CSRF
+      const formData = new FormData();
+      formData.append('csrf_token', document.querySelector('meta[name="csrf-token"]').getAttribute('content'));
+      
      // Faire la requête AJAX
      fetch(
        `ajax/load-more-videos.php?type=category&page=${page}&category=${categoryId}`,
        {
+          method: 'POST',
          headers: {
            "X-Requested-With": "XMLHttpRequest",
          },
+          body: formData
        }
      )
        .then((response) => response.json())
@@ -167,11 +167,17 @@ document.addEventListener('DOMContentLoaded', function() {
                url += `&category=${categoryId}`;
            }
            
+            // Préparer les données avec token CSRF
+            const formData = new FormData();
+            formData.append('csrf_token', document.querySelector('meta[name="csrf-token"]').getAttribute('content'));
+            
            // Faire la requête AJAX
            fetch(url, {
+                method: 'POST',
                headers: {
                    'X-Requested-With': 'XMLHttpRequest'
-                }
+                },
+                body: formData
            })
            .then(response => response.json())
            .then(data => {