added csrf header in body

dimagi · Dec 2, 2024 · d4cf965 · d4cf965
1 parent 2a4b9ce
commit d4cf965
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/commcare_connect/opportunity/views.py b/commcare_connect/opportunity/views.py
@@ -1241,7 +1241,6 @@ def user_invite_delete(request, org_slug, opp_id, pk):
 
 @org_admin_required
 @require_POST
-@csrf_exempt
 def resend_user_invite(request, org_slug, opp_id, pk):
     user_invite = get_object_or_404(UserInvite, id=pk)
 

diff --git a/commcare_connect/templates/base.html b/commcare_connect/templates/base.html
@@ -33,7 +33,7 @@
 
   {% endblock javascript %}
 </head>
-<body class="bg-light">
+<body class="bg-light" hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'>
 <div class="mb-1">
   <nav class="navbar navbar-expand-lg bg-primary" data-bs-theme="dark">
     <div class="container">