kbe/aperonight
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

refactor: extract cart storage to dedicated API controller with dynamic frontend URLs
All checks were successful
Ruby on Rails Test / rails-test (push) Successful in 1m7s

Browse Source 
- Added dedicated CartsController for session-based cart storage
- Refactored routes to use POST /api/v1/carts/store
- Updated ticket selection JS to use dynamic data attributes for URLs
- Fixed CSRF protection in API and checkout payment increment
- Made checkout button URLs dynamic via data attributes
- Updated tests for new cart storage endpoint
- Removed obsolete store_cart from EventsController
This commit is contained in:
kbe
2025-09-15 19:52:01 +02:00
parent 4cde466f9a
commit d6184b6c84
8 changed files with 63 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/api_controller.rb
View File

@@ -2,7 +2,7 @@
# Provides authentication and common functionality for API controllers
class ApiController < ApplicationController
# Disable CSRF protection for API requests (token-based authentication instead)
protect_from_forgery with: :null_session
protect_from_forgery prepend: true
# Authenticate all API requests using API key
# Must be called before any API action