Move increment_payment_attempt to API namespace and update JavaScript

- Add API route for increment_payment_attempt in config/routes.rb - Update API OrdersController to handle increment_payment_attempt and skip API key authentication - Update JavaScript code in checkout view to use API endpoint without CSRF tokens - Remove CSRF token from API requests as it's not required for API endpoints - Maintain backward compatibility by keeping original method in OrdersController
2025-09-10 16:27:05 +02:00
parent 20ae3de7a3
commit 83e76f71bf
3 changed files with 13 additions and 3 deletions
--- a/app/views/orders/checkout.html.erb
+++ b/app/views/orders/checkout.html.erb
@@ -200,10 +200,9 @@
                try {
                  // Increment payment attempt counter
                  console.log('Incrementing payment attempt for order:', '<%= @order.id %>');
-                  const response = await fetch('<%= increment_payment_attempt_order_path(@order) %>', {
-                    method: 'POST',
+                  const response = await fetch('/api/v1/orders/<%= @order.id %>/increment_payment_attempt', {
+                    method: 'PATCH',
                    headers: {
-                      'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content'),
                      'Content-Type': 'application/json'
                    }
                  });