From bf002e6034a2d38f8910fdde01d0e094384f5e61 Mon Sep 17 00:00:00 2001
From: Asad Ali
Date: Thu, 2 Apr 2026 16:57:41 +0500
Subject: [PATCH 1/2] fix: read latest CSRF token from cookie
---
 cms/static/cms/js/main.js | 6 ++++--
 lms/static/js/main.js | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/cms/static/cms/js/main.js b/cms/static/cms/js/main.js
index 1f55dda70623..7b8d4e8210c2 100644
--- a/cms/static/cms/js/main.js
+++ b/cms/static/cms/js/main.js
@@ -25,8 +25,10 @@ define([
 _.extend(window.CMS, Backbone.Events);
 Backbone.emulateHTTP = true;
 $.ajaxSetup({
- headers: {
- 'X-CSRFToken': $.cookie('csrftoken')
+ beforeSend: function(xhr, settings) {
+ if (!(/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type)) && !this.crossDomain) {
+ xhr.setRequestHeader('X-CSRFToken', $.cookie('csrftoken'));
+ }
 },
 dataType: 'json',
 content: {
diff --git a/lms/static/js/main.js b/lms/static/js/main.js
index b6c5ae512b15..31ac8962f52e 100644
--- a/lms/static/js/main.js
+++ b/lms/static/js/main.js
@@ -7,8 +7,10 @@ $(function() { $.ajaxSetup({ - headers: { - 'X-CSRFToken': $.cookie('csrftoken') + beforeSend: function(xhr, settings) { + if (!(/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type)) && !this.crossDomain) { + xhr.setRequestHeader('X-CSRFToken', $.cookie('csrftoken')); + } }, dataType: 'json' });
From b74809e02b481f72b1617a7a9f96476fda2bafc0 Mon Sep 17 00:00:00 2001
From: Asad Ali
Date: Thu, 2 Apr 2026 17:22:12 +0500
Subject: [PATCH 2/2] revert cms change
---
 cms/static/cms/js/main.js | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/cms/static/cms/js/main.js b/cms/static/cms/js/main.js
index 7b8d4e8210c2..1f55dda70623 100644
--- a/cms/static/cms/js/main.js
+++ b/cms/static/cms/js/main.js
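Review bot: Setting the header from the `beforeSend` default in `$.ajaxSetup` (patch 1/2, cms/static/cms/js/main.js) makes it overridable: a call site that passes its own `beforeSend` to `$.ajax` replaces this function, so that request is sent without `X-CSRFToken`, whereas the old `headers` default was deep-merged with per-call headers. The same applies to the identical hunk in lms/static/js/main.js, which is the copy that survives patch 2/2. A `$.ajaxPrefilter` callback runs on every request regardless of per-call options and can apply the same method and `crossDomain` test; this assumes the bundled jQuery resolves `crossDomain` before prefilters run, which should be confirmed against the vendored version. Callers that define their own `beforeSend` are not visible in this patch, so it is worth searching for them before merging.

```javascript
// lms/static/js/main.js — prefilters are not replaced by a per-call beforeSend.
$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
    if (!(/^(GET|HEAD|OPTIONS|TRACE)$/i.test(options.type)) && !options.crossDomain) {
        // Read the cookie per request so a rotated token is picked up.
        jqXHR.setRequestHeader('X-CSRFToken', $.cookie('csrftoken'));
    }
});
$.ajaxSetup({
    dataType: 'json'
});
```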
@@ -25,10 +25,8 @@ define([
 _.extend(window.CMS, Backbone.Events);
 Backbone.emulateHTTP = true;
 $.ajaxSetup({
- beforeSend: function(xhr, settings) {
- if (!(/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type)) && !this.crossDomain) {
- xhr.setRequestHeader('X-CSRFToken', $.cookie('csrftoken'));
- }
+ headers: {
+ 'X-CSRFToken': $.cookie('csrftoken')
 },
 dataType: 'json',
 content: {
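Review bot: Restoring the `headers` default means `$.cookie('csrftoken')` is evaluated once, when `$.ajaxSetup` runs, so the CMS keeps sending that value after the cookie is rotated (Django rotates it at login), which is the stale-token problem patch 1/2 fixes for the LMS. The static header is also attached to every `$.ajax` request, including safe methods and cross-origin URLs, so the token would be sent to any third-party host the CMS calls through jQuery. The commit message gives no reason for the revert; if a CMS caller depends on the old behaviour, record that beside the setting, e.g. `// TODO: token is read once at load and sent on all requests; move to a per-request lookup once <blocking caller> is fixed`. The `$.ajaxSetup` call continues past the end of the hunk.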