Fix template errors: Starlette new API + remove hx-headers escaping

- TemplateResponse now uses (request, name, context) signature for Starlette 0.36+ - Replace per-button hx-headers with global htmx:configRequest token injection in base.html - Fix JS cookie regex to handle leading semicolons correctly Tested: login, auth redirect, profile create/view/delete all return correct status codes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 01:03:19 +01:00
parent 6afc464d53
commit c54ba02253
4 changed files with 17 additions and 14 deletions
--- a/manager/templates/profile.html
+++ b/manager/templates/profile.html
@@ -24,13 +24,11 @@
    {% if profile.running %}
    <button class="btn btn-danger"
            hx-post="/api/profiles/{{ profile.id }}/stop"
-            hx-headers='{"X-Token": "{{ request.cookies.get(\"token\", \"\") }}"}'
            hx-swap="none"
            hx-on::after-request="location.reload()">Stop</button>
    {% else %}
    <button class="btn btn-success"
            hx-post="/api/profiles/{{ profile.id }}/start"
-            hx-headers='{"X-Token": "{{ request.cookies.get(\"token\", \"\") }}"}'
            hx-swap="none"
            hx-on::after-request="location.reload()">Start</button>
    {% endif %}
@@ -137,7 +135,6 @@
        <h2 style="margin:0;">Event Log</h2>
        <button class="btn btn-ghost" style="font-size:12px;padding:4px 10px;"
                hx-get="/api/profiles/{{ profile.id }}/status"
-                hx-headers='{"X-Token": "{{ request.cookies.get(\"token\", \"\") }}"}'
                hx-swap="none"
                hx-on::after-request="refreshLog(event)">Refresh</button>
      </div>
@@ -153,9 +150,10 @@ document.getElementById('send-form').addEventListener('submit', async (e) => {
  const fd = new FormData(e.target)
  const result = document.getElementById('send-result')
  result.textContent = 'Sending…'
+  const token = document.cookie.match(/(?:^|;\s*)token=([^;]+)/)?.[1] || ''
  const resp = await fetch('/api/profiles/{{ profile.id }}/send', {
    method: 'POST',
-    headers: {'Content-Type': 'application/json', 'X-Token': document.cookie.match(/token=([^;]+)/)?.[1] || ''},
+    headers: {'Content-Type': 'application/json', 'X-Token': token},
    body: JSON.stringify({to: fd.get('to'), text: fd.get('text')})
  })
  const data = await resp.json()
@@ -174,9 +172,10 @@ function refreshLog(event) {

 function confirmDelete() {
  if (!confirm('Delete this profile? This cannot be undone.')) return
+  const token = document.cookie.match(/(?:^|;\s*)token=([^;]+)/)?.[1] || ''
  fetch('/api/profiles/{{ profile.id }}', {
    method: 'DELETE',
-    headers: {'X-Token': document.cookie.match(/token=([^;]+)/)?.[1] || ''}
+    headers: {'X-Token': token}
  }).then(() => location.href = '/')
 }