Fix missing authentication (CSRF) when using related issues block (#90 and PR #93)

Author: Ilogeek

assets/javascripts/issue_dynamic_edit.js

@@ -37,6 +37,23 @@ if (_CONF_DISPLAY_EDIT_ICON === "block"){
 	$('body.controller-issues.action-show .issue.details').addClass('showPencils');
 }
 
+let updateCSRFToken = function(token){
+	document.querySelectorAll('input[name="authenticity_token"]').forEach(elt => elt.value = token);
+	document.querySelector('meta[name="csrf-token"]').setAttribute("content", token);
+}
+
+let setCSRFTokenInput = function(token){
+	document.querySelectorAll('form[method="post"]').forEach(elt => {
+		if(!elt.querySelectorAll('input[name="authenticity_token"]').length){
+			let input = document.createElement("input");
+			input.setAttribute("type", "hidden");
+			input.setAttribute("name", "authenticity_token");
+			input.value = token;
+			elt.insertBefore(input, null);
+		}
+	});
+}
+
 /* Generate edit block */
 var getEditFormHTML = function(attribute){
 	var formElement = $('#issue_' + attribute + "_id");
@@ -317,6 +334,8 @@ var sendData = function(serialized_data){
 					$('body').find('input[type=date]').datepickerFallback(datepickerOptions);
 				}
 
+				setCSRFTokenInput($(parsed).find('input[name="authenticity_token"]').val());
+				updateCSRFToken($(parsed).find('input[name="authenticity_token"]').val());
 				setCheckVersionInterval(true);
 			},
 			error: function(xhr, msg, error) {
@@ -354,4 +373,5 @@ var sendData = function(serialized_data){
 }
 
 // Init plugin
-cloneEditForm();
+cloneEditForm();
+setCSRFTokenInput(document.querySelector('meta[name="csrf-token"]').getAttribute("content"));

init.rb

@@ -1,6 +1,6 @@
 require 'redmine'
 
-require 'details_issue_hooks'
+require_relative './lib/details_issue_hooks.rb'
 
 Redmine::Plugin.register :redmine_issue_dynamic_edit do
   name 'Redmine Dynamic edit Issue plugin'