CSRF Fixed In Velocity Theme

This commit is contained in:
devansh bawari 2021-08-06 19:24:22 +05:30
parent ccf4d11429
commit 647086ae6a
2 changed files with 32 additions and 5 deletions

View File

@ -12,9 +12,16 @@
@if (count($items))
<div class="account-action float-right">
<form id="remove-all-wishlist" action="{{ route('customer.wishlist.removeall') }}" method="POST">
@method('DELETE')
@csrf
</form>
<a
class="remove-decoration theme-btn light"
href="{{ route('customer.wishlist.removeall') }}">
href="javascript:void(0);"
onclick="document.getElementById('remove-all-wishlist').submit();">
{{ __('shop::app.customer.account.wishlist.deleteall') }}
</a>
</div>

View File

@ -14,10 +14,23 @@
$title = $wishlist ? __('velocity::app.shop.wishlist.remove-wishlist-text') : __('velocity::app.shop.wishlist.add-wishlist-text');
@endphp
@if($wishlist)
<form id="wishlist-{{ $wishlist->id }}" action="{{ $href }}" method="POST">
@method('DELETE')
@csrf
</form>
@else
<form id="wishlist-{{ $product->product_id }}" action="{{ $href }}" method="POST">
@csrf
</form>
@endif
<a
class="unset wishlist-icon {{ $addWishlistClass ?? '' }} text-right"
href="{{ $href }}"
title="{{ $title }}">
href="javascript:void(0);"
title="{{ $title }}"
onclick="document.getElementById('wishlist-{{ $wishlist ? $wishlist->id : $product->product_id }}').submit();">
<wishlist-component active="{{ $wishlist ? false : true }}"></wishlist-component>
@ -28,11 +41,18 @@
@endauth
@guest('customer')
<form id="wishlist-{{ $product->product_id }}" action="{{ route('customer.wishlist.add', $product->product_id) }}" method="POST">
@csrf
</form>
<a
class="unset wishlist-icon {{ $addWishlistClass ?? '' }} text-right"
href="{{ route('customer.wishlist.add', $product->product_id) }}"
title="{{ __('velocity::app.shop.wishlist.add-wishlist-text') }}">
href="javascript:void(0);"
title="{{ __('velocity::app.shop.wishlist.add-wishlist-text') }}"
onclick="document.getElementById('wishlist-{{ $product->product_id }}').submit();">
<wishlist-component active="false"></wishlist-component>
</a>
@endauth