From d4cf965632f0990ef6992acd09b2b75cc126fb4e Mon Sep 17 00:00:00 2001
From: hemant10yadav <hemant.10.yadav@gmail.com>
Date: Mon, 2 Dec 2024 09:15:59 +0530
Subject: [PATCH] added csrf header in body

---
 commcare_connect/opportunity/views.py | 1 -
 commcare_connect/templates/base.html  | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/commcare_connect/opportunity/views.py b/commcare_connect/opportunity/views.py
index 6d857685..20d65db5 100644
--- a/commcare_connect/opportunity/views.py
+++ b/commcare_connect/opportunity/views.py
@@ -1241,7 +1241,6 @@ def user_invite_delete(request, org_slug, opp_id, pk):
 
 @org_admin_required
 @require_POST
-@csrf_exempt
 def resend_user_invite(request, org_slug, opp_id, pk):
     user_invite = get_object_or_404(UserInvite, id=pk)
 
diff --git a/commcare_connect/templates/base.html b/commcare_connect/templates/base.html
index f417ddab..2c28e58e 100644
--- a/commcare_connect/templates/base.html
+++ b/commcare_connect/templates/base.html
@@ -33,7 +33,7 @@
 
   {% endblock javascript %}
 </head>
-<body class="bg-light">
+<body class="bg-light" hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'>
 <div class="mb-1">
   <nav class="navbar navbar-expand-lg bg-primary" data-bs-theme="dark">
     <div class="container">