From 4caa622942f6d853701d888fb8b4f7fb947b2c5d Mon Sep 17 00:00:00 2001 From: catlog22 Date: Tue, 13 Jan 2026 11:42:28 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BD=BF=E7=94=A8=20csrfFetch=20?= =?UTF-8?q?=E6=9B=BF=E6=8D=A2=20fetch=20=E4=BB=A5=E5=A2=9E=E5=BC=BA=20API?= =?UTF-8?q?=20=E8=AF=B7=E6=B1=82=E7=9A=84=E5=AE=89=E5=85=A8=E6=80=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ccw/src/templates/dashboard-js/api.js | 2 +- .../dashboard-js/components/cli-status.js | 14 ++++---- .../dashboard-js/components/hook-manager.js | 4 +-- .../dashboard-js/components/index-manager.js | 4 +-- .../dashboard-js/components/mcp-manager.js | 32 +++++++++---------- .../components/storage-manager.js | 4 +-- .../components/task-queue-sidebar.js | 2 +- .../dashboard-js/views/cli-manager.js | 2 +- .../dashboard-js/views/codexlens-manager.js | 4 +-- .../templates/dashboard-js/views/memory.js | 2 +- .../dashboard-js/views/prompt-history.js | 2 +- 11 files changed, 36 insertions(+), 36 deletions(-) diff --git a/ccw/src/templates/dashboard-js/api.js b/ccw/src/templates/dashboard-js/api.js index b5079f4a..090aa787 100644 --- a/ccw/src/templates/dashboard-js/api.js +++ b/ccw/src/templates/dashboard-js/api.js @@ -174,7 +174,7 @@ function refreshRecentPaths() { */ async function removeRecentPathFromList(path) { try { - const response = await fetch('/api/remove-recent-path', { + const response = await csrfFetch('/api/remove-recent-path', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ path }) diff --git a/ccw/src/templates/dashboard-js/components/cli-status.js b/ccw/src/templates/dashboard-js/components/cli-status.js index 42c02cb2..ee80b58e 100644 --- a/ccw/src/templates/dashboard-js/components/cli-status.js +++ b/ccw/src/templates/dashboard-js/components/cli-status.js @@ -350,7 +350,7 @@ async function loadCliToolsConfig() { */ async function updateCliToolEnabled(tool, enabled) { try { - const response = await fetch('/api/cli/tools-config/' + tool, { + const response = await csrfFetch('/api/cli/tools-config/' + tool, { method: 'PUT', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ enabled: enabled }) @@ -796,7 +796,7 @@ function setDefaultCliTool(tool) { // Save to config if (window.claudeCliToolsConfig) { window.claudeCliToolsConfig.defaultTool = tool; - fetch('/api/cli/tools-config', { + csrfFetch('/api/cli/tools-config', { method: 'PUT', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ defaultTool: tool }) @@ -851,7 +851,7 @@ function getCacheInjectionMode() { async function setCacheInjectionMode(mode) { try { - const response = await fetch('/api/cli/tools-config/cache', { + const response = await csrfFetch('/api/cli/tools-config/cache', { method: 'PUT', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ injectionMode: mode }) @@ -1021,7 +1021,7 @@ async function startCodexLensInstall() { }, 1500); try { - const response = await fetch('/api/codexlens/bootstrap', { + const response = await csrfFetch('/api/codexlens/bootstrap', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({}) @@ -1171,7 +1171,7 @@ async function startCodexLensUninstall() { }, 500); try { - const response = await fetch('/api/codexlens/uninstall', { + const response = await csrfFetch('/api/codexlens/uninstall', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({}) @@ -1257,7 +1257,7 @@ async function initCodexLensIndex() { console.log('[CodexLens] Initializing index for path:', targetPath); try { - const response = await fetch('/api/codexlens/init', { + const response = await csrfFetch('/api/codexlens/init', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ path: targetPath }) @@ -1424,7 +1424,7 @@ async function startSemanticInstall() { }, 2000); try { - const response = await fetch('/api/codexlens/semantic/install', { + const response = await csrfFetch('/api/codexlens/semantic/install', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({}) diff --git a/ccw/src/templates/dashboard-js/components/hook-manager.js b/ccw/src/templates/dashboard-js/components/hook-manager.js index da8e55a7..5df3a5c8 100644 --- a/ccw/src/templates/dashboard-js/components/hook-manager.js +++ b/ccw/src/templates/dashboard-js/components/hook-manager.js @@ -449,7 +449,7 @@ async function saveHook(scope, event, hookData) { // Convert to Claude Code format before saving const convertedHookData = convertToClaudeCodeFormat(hookData); - const response = await fetch('/api/hooks', { + const response = await csrfFetch('/api/hooks', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -478,7 +478,7 @@ async function saveHook(scope, event, hookData) { async function removeHook(scope, event, hookIndex) { try { - const response = await fetch('/api/hooks', { + const response = await csrfFetch('/api/hooks', { method: 'DELETE', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ diff --git a/ccw/src/templates/dashboard-js/components/index-manager.js b/ccw/src/templates/dashboard-js/components/index-manager.js index cf4bfe90..f7c37747 100644 --- a/ccw/src/templates/dashboard-js/components/index-manager.js +++ b/ccw/src/templates/dashboard-js/components/index-manager.js @@ -252,7 +252,7 @@ async function cleanIndexProject(projectId) { // The project ID is the directory name in the index folder // We need to construct the full path or use a clean API - const response = await fetch('/api/codexlens/clean', { + const response = await csrfFetch('/api/codexlens/clean', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ projectId: projectId }) @@ -282,7 +282,7 @@ async function cleanAllIndexesConfirm() { try { showRefreshToast(t('index.cleaning') || 'Cleaning indexes...', 'info'); - const response = await fetch('/api/codexlens/clean', { + const response = await csrfFetch('/api/codexlens/clean', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ all: true }) diff --git a/ccw/src/templates/dashboard-js/components/mcp-manager.js b/ccw/src/templates/dashboard-js/components/mcp-manager.js index c43fbe0a..0923b3ff 100644 --- a/ccw/src/templates/dashboard-js/components/mcp-manager.js +++ b/ccw/src/templates/dashboard-js/components/mcp-manager.js @@ -91,7 +91,7 @@ function getCliMode() { */ async function addCodexMcpServer(serverName, serverConfig) { try { - const response = await fetch('/api/codex-mcp-add', { + const response = await csrfFetch('/api/codex-mcp-add', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -123,7 +123,7 @@ async function addCodexMcpServer(serverName, serverConfig) { */ async function removeCodexMcpServer(serverName) { try { - const response = await fetch('/api/codex-mcp-remove', { + const response = await csrfFetch('/api/codex-mcp-remove', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ serverName }) @@ -152,7 +152,7 @@ async function removeCodexMcpServer(serverName) { */ async function toggleCodexMcpServer(serverName, enabled) { try { - const response = await fetch('/api/codex-mcp-toggle', { + const response = await csrfFetch('/api/codex-mcp-toggle', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ serverName, enabled }) @@ -205,7 +205,7 @@ async function copyCodexServerToClaude(serverName, serverConfig) { async function toggleMcpServer(serverName, enable) { try { - const response = await fetch('/api/mcp-toggle', { + const response = await csrfFetch('/api/mcp-toggle', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -239,7 +239,7 @@ async function copyMcpServerToProject(serverName, serverConfig, configType = nul configType = preferredProjectConfigType; } - const response = await fetch('/api/mcp-copy-server', { + const response = await csrfFetch('/api/mcp-copy-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -316,7 +316,7 @@ function showConfigTypeDialog() { async function removeMcpServerFromProject(serverName) { try { - const response = await fetch('/api/mcp-remove-server', { + const response = await csrfFetch('/api/mcp-remove-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -343,7 +343,7 @@ async function removeMcpServerFromProject(serverName) { async function addGlobalMcpServer(serverName, serverConfig) { try { - const response = await fetch('/api/mcp-add-global-server', { + const response = await csrfFetch('/api/mcp-add-global-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -370,7 +370,7 @@ async function addGlobalMcpServer(serverName, serverConfig) { async function removeGlobalMcpServer(serverName) { try { - const response = await fetch('/api/mcp-remove-global-server', { + const response = await csrfFetch('/api/mcp-remove-global-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -809,7 +809,7 @@ async function submitMcpCreateFromJson() { for (const [name, config] of Object.entries(servers)) { try { - const response = await fetch('/api/mcp-copy-server', { + const response = await csrfFetch('/api/mcp-copy-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -854,7 +854,7 @@ async function createMcpServerWithConfig(name, serverConfig, scope = 'project') if (scope === 'codex') { // Create in Codex config.toml - response = await fetch('/api/codex-mcp-add', { + response = await csrfFetch('/api/codex-mcp-add', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -864,7 +864,7 @@ async function createMcpServerWithConfig(name, serverConfig, scope = 'project') }); scopeLabel = 'Codex'; } else if (scope === 'global') { - response = await fetch('/api/mcp-add-global-server', { + response = await csrfFetch('/api/mcp-add-global-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -874,7 +874,7 @@ async function createMcpServerWithConfig(name, serverConfig, scope = 'project') }); scopeLabel = 'global'; } else { - response = await fetch('/api/mcp-copy-server', { + response = await csrfFetch('/api/mcp-copy-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -1006,7 +1006,7 @@ async function installCcwToolsMcp(scope = 'workspace') { if (scope === 'global') { // Install to global (~/.claude.json mcpServers) - const response = await fetch('/api/mcp-add-global-server', { + const response = await csrfFetch('/api/mcp-add-global-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -1028,7 +1028,7 @@ async function installCcwToolsMcp(scope = 'workspace') { } else { // Install to workspace (use preferredProjectConfigType) const configType = preferredProjectConfigType; - const response = await fetch('/api/mcp-copy-server', { + const response = await csrfFetch('/api/mcp-copy-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -1074,7 +1074,7 @@ async function updateCcwToolsMcp(scope = 'workspace') { if (scope === 'global') { // Update global (~/.claude.json mcpServers) - const response = await fetch('/api/mcp-add-global-server', { + const response = await csrfFetch('/api/mcp-add-global-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ @@ -1096,7 +1096,7 @@ async function updateCcwToolsMcp(scope = 'workspace') { } else { // Update workspace (use preferredProjectConfigType) const configType = preferredProjectConfigType; - const response = await fetch('/api/mcp-copy-server', { + const response = await csrfFetch('/api/mcp-copy-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ diff --git a/ccw/src/templates/dashboard-js/components/storage-manager.js b/ccw/src/templates/dashboard-js/components/storage-manager.js index fef0fb20..7a066f63 100644 --- a/ccw/src/templates/dashboard-js/components/storage-manager.js +++ b/ccw/src/templates/dashboard-js/components/storage-manager.js @@ -415,7 +415,7 @@ async function cleanProjectStorage(projectId) { } try { - const res = await fetch('/api/storage/clean', { + const res = await csrfFetch('/api/storage/clean', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ projectId }) @@ -451,7 +451,7 @@ async function cleanAllStorageConfirm() { } try { - const res = await fetch('/api/storage/clean', { + const res = await csrfFetch('/api/storage/clean', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ all: true }) diff --git a/ccw/src/templates/dashboard-js/components/task-queue-sidebar.js b/ccw/src/templates/dashboard-js/components/task-queue-sidebar.js index 1615eaea..7ebda8b0 100644 --- a/ccw/src/templates/dashboard-js/components/task-queue-sidebar.js +++ b/ccw/src/templates/dashboard-js/components/task-queue-sidebar.js @@ -568,7 +568,7 @@ async function executeSidebarUpdateTask(taskId) { } try { - const response = await fetch('/api/update-claude-md', { + const response = await csrfFetch('/api/update-claude-md', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ diff --git a/ccw/src/templates/dashboard-js/views/cli-manager.js b/ccw/src/templates/dashboard-js/views/cli-manager.js index 1f2da100..37c31587 100644 --- a/ccw/src/templates/dashboard-js/views/cli-manager.js +++ b/ccw/src/templates/dashboard-js/views/cli-manager.js @@ -2752,7 +2752,7 @@ async function installSemanticDeps() { '
' + t('codexlens.installingDeps') + '
'; try { - var response = await fetch('/api/codexlens/semantic/install', { method: 'POST' }); + var response = await csrfFetch('/api/codexlens/semantic/install', { method: 'POST' }); var result = await response.json(); if (result.success) { diff --git a/ccw/src/templates/dashboard-js/views/codexlens-manager.js b/ccw/src/templates/dashboard-js/views/codexlens-manager.js index 5d83b09d..874c4346 100644 --- a/ccw/src/templates/dashboard-js/views/codexlens-manager.js +++ b/ccw/src/templates/dashboard-js/views/codexlens-manager.js @@ -3613,7 +3613,7 @@ async function initCodexLensIndex(indexType, embeddingModel, embeddingBackend, m // Install semantic dependencies first showRefreshToast(t('codexlens.installingDeps') || 'Installing semantic dependencies...', 'info'); try { - var installResponse = await fetch('/api/codexlens/semantic/install', { method: 'POST' }); + var installResponse = await csrfFetch('/api/codexlens/semantic/install', { method: 'POST' }); var installResult = await installResponse.json(); if (!installResult.success) { @@ -5383,7 +5383,7 @@ function initCodexLensManagerPageEvents(currentConfig) { saveBtn.disabled = true; saveBtn.innerHTML = '' + t('common.saving') + ''; try { - var response = await fetch('/api/codexlens/config', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ index_dir: newIndexDir }) }); + var response = await csrfFetch('/api/codexlens/config', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ index_dir: newIndexDir }) }); var result = await response.json(); if (result.success) { showRefreshToast(t('codexlens.configSaved'), 'success'); renderCodexLensManager(); } else { showRefreshToast(t('common.saveFailed') + ': ' + result.error, 'error'); } diff --git a/ccw/src/templates/dashboard-js/views/memory.js b/ccw/src/templates/dashboard-js/views/memory.js index 853407a0..2de32883 100644 --- a/ccw/src/templates/dashboard-js/views/memory.js +++ b/ccw/src/templates/dashboard-js/views/memory.js @@ -1114,7 +1114,7 @@ async function deleteInsight(insightId) { if (!confirm(t('memory.confirmDeleteInsight'))) return; try { - var response = await fetch('/api/memory/insights/' + insightId, { method: 'DELETE' }); + var response = await csrfFetch('/api/memory/insights/' + insightId, { method: 'DELETE' }); if (!response.ok) throw new Error('Failed to delete insight'); selectedInsight = null; diff --git a/ccw/src/templates/dashboard-js/views/prompt-history.js b/ccw/src/templates/dashboard-js/views/prompt-history.js index 8e896516..ffcf962b 100644 --- a/ccw/src/templates/dashboard-js/views/prompt-history.js +++ b/ccw/src/templates/dashboard-js/views/prompt-history.js @@ -431,7 +431,7 @@ async function deletePromptInsight(insightId) { if (!confirm(isZh() ? '确定要删除这条洞察记录吗?' : 'Are you sure you want to delete this insight?')) return; try { - var response = await fetch('/api/memory/insights/' + insightId, { method: 'DELETE' }); + var response = await csrfFetch('/api/memory/insights/' + insightId, { method: 'DELETE' }); if (!response.ok) throw new Error('Failed to delete insight'); selectedPromptInsight = null;