include csrf token and fix escaping for admin scripts
This commit is contained in:
@@ -1,14 +1,24 @@
|
||||
@section('scripts')
|
||||
<script>
|
||||
function setEditable() {
|
||||
|
||||
const token = $('meta[name="csrf-token"]').attr('content');
|
||||
|
||||
@if(isset($aircraft))
|
||||
$('#expenses a.text').editable({
|
||||
emptytext: '0',
|
||||
url: '{{ url('/admin/aircraft/'.$aircraft->id.'/expenses') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': token,
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
expense_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
@@ -19,12 +29,19 @@ function setEditable() {
|
||||
$('#expenses a.dropdown').editable({
|
||||
type: 'select',
|
||||
emptytext: '0',
|
||||
source: {{ json_encode(list_to_editable(\App\Models\Enums\ExpenseType::select())) }},
|
||||
source: {!! json_encode(list_to_editable(\App\Models\Enums\ExpenseType::select())) !!},
|
||||
url: '{{ url('/admin/aircraft/'.$aircraft->id.'/expenses') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': token,
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
expense_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
|
||||
Reference in New Issue
Block a user