webapp: add CSRF token to imaging Clear-all form

The dashboard Clear-all button posts to /imaging/delete-all but the form was missing the hidden _csrf_token input that the rest of the webapp's POST forms include, so the endpoint would reject the request when CSRF enforcement is active.
2026-05-24 07:04:20 -04:00
parent 54dddaa760
commit b57ba0fb6f
1 changed files with 1 additions and 0 deletions
--- a/webapp/templates/imaging.html
+++ b/webapp/templates/imaging.html
@@ -29,6 +29,7 @@ window.addEventListener('DOMContentLoaded', scheduleImagingReload);
    <form method="post" action="{{ url_for('imaging_delete_all') }}"
          onsubmit="return confirm('Clear all {{ sessions|length }} imaging session(s)? This wipes every tile from the dashboard. Live re-images will repopulate on next status push.');"
          style="display:inline;">
+      <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
      <button type="submit" class="btn btn-sm btn-outline-danger">Clear all</button>
    </form>
    {% endif %}