Fix CSRF token validation failure in Settings diagnostics endpoints (related to #600)

The "Check Proxy Nodes" button in Settings > Diagnostics was returning
403 Forbidden due to missing CSRF token. The frontend was using native
fetch() instead of apiFetch() which automatically includes CSRF tokens
for POST requests.

Fixed three endpoints in Settings.tsx:
- /api/diagnostics (GET) - for consistency
- /api/diagnostics/temperature-proxy/register-nodes (POST) - reported issue
- /api/diagnostics/docker/prepare-token (POST) - same bug

Note: Export/import config endpoints intentionally continue using native
fetch() because they need custom 401/403 handling to show the API token
modal instead of redirecting to login.
This commit is contained in:
rcourtman 2025-11-12 00:00:55 +00:00
parent d9e0505394
commit 7815b45483

View file

@ -17,6 +17,7 @@ import { copyToClipboard } from '@/utils/clipboard';
import { getPulsePort, getPulseWebSocketUrl } from '@/utils/url';
import { logger } from '@/utils/logger';
import {
apiFetch,
clearApiToken as clearApiClientToken,
getApiToken as getApiClientToken,
setApiToken as setApiClientToken,
@ -794,7 +795,7 @@ const Settings: Component<SettingsProps> = (props) => {
const runDiagnostics = async () => {
setRunningDiagnostics(true);
try {
const response = await fetch('/api/diagnostics');
const response = await apiFetch('/api/diagnostics');
const diag = await response.json();
setDiagnosticsData(diag);
} catch (err) {
@ -809,7 +810,7 @@ const Settings: Component<SettingsProps> = (props) => {
if (proxyActionLoading()) return;
setProxyActionLoading('register-nodes');
try {
const response = await fetch('/api/diagnostics/temperature-proxy/register-nodes', {
const response = await apiFetch('/api/diagnostics/temperature-proxy/register-nodes', {
method: 'POST',
});
const data = await response.json().catch(() => null);
@ -843,7 +844,7 @@ const Settings: Component<SettingsProps> = (props) => {
if (dockerActionLoading()) return;
setDockerActionLoading(hostId);
try {
const response = await fetch('/api/diagnostics/docker/prepare-token', {
const response = await apiFetch('/api/diagnostics/docker/prepare-token', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ hostId }),