From 915981794715337755471e17f4d1aacdc88dde7a Mon Sep 17 00:00:00 2001
From: Kobe <kobeamerijckx@outlook.com>
Date: Fri, 30 May 2025 13:22:51 +0200
Subject: [PATCH] fix all csfr token issues

---
 app.py                                        |   2 +-
 routes/__pycache__/main.cpython-313.pyc       | Bin 45582 -> 45333 bytes
 routes/__pycache__/room_files.cpython-313.pyc | Bin 42402 -> 42402 bytes
 routes/main.py                                |   5 ----
 static/js/debugging.js                        |   6 ++--
 static/js/events.js                           |  12 ++++----
 static/js/file-grid.js                        |  10 +++----
 static/js/rooms/fileManager.js                |  10 +++----
 static/js/rooms/modalManager.js               |   2 +-
 static/js/rooms/uploadManager.js              |   2 +-
 static/js/starred.js                          |   2 +-
 static/js/trash.js                            |   4 +--
 templates/rooms/roombefore.html               |  28 +++++++++---------
 utils/__pycache__/__init__.cpython-313.pyc    | Bin 696 -> 696 bytes
 14 files changed, 39 insertions(+), 44 deletions(-)

diff --git a/app.py b/app.py
index 9c95282..8d89b5f 100644
--- a/app.py
+++ b/app.py
@@ -35,7 +35,7 @@ def create_app():
 
     @app.context_processor
     def inject_csrf_token():
-        return dict(csrf_token=lambda: generate_csrf())
+        return dict(csrf_token=generate_csrf())
 
     @app.context_processor
     def inject_config():
diff --git a/routes/__pycache__/main.cpython-313.pyc b/routes/__pycache__/main.cpython-313.pyc
index 78e2e9f883fb80ee1b5766b7ff626b838e4da3f1..f22b5969446cce000b1d3d4e786b2969c7879da8 100644
GIT binary patch
delta 3722
zcma)9dr*|u72nIg7Z!-13#`EM5ZMI`Di32d5vri5h=4D|EFZfc>?g}Ep6^3Yn*w&y
zv<*h>_0e(KF>$6dYSrkhj-7Pcq|<id<d24E^ZIJqnAqCXBs$g1n6XWJ&Rqq3{Lvl#
zednHY?!D*Ud(Q7(Ub>pF|C5B|TTZ9LfWMFVQ=t!jxHmb2weOud&;+g)LyKj3MnfiK
zdJHIAmuEG&!QC(&rZ;3mc0&&22)%82ZbL5QHh91z+UDhXkca-}<@t~=z6DUwp2zp3
zO*6IUH8=3Q?P+E^N-OwqR=TM@zqye&&B#i6lC?OVGI|VXX(G$Cc5fx4zzhcPwIpU4
zprqUEP2&65)!6e1t1T>_zi->lGI+E7pv6aCGx-gBp(h(fbt=NJ;kM0?n(<TXn5X<w
z#_UTebH;3Qz!#hA2o$sG*ugow7+cC`RD7Qm@)H%+te#)3m^tLap1M)(@6}DJvR&3K
zT}oJ!0jf!FQ3Fy~0^PJZszh`vM5DcaB?v3Yme}7Hj!Ho}=<nPH^HBrOklL)Mk*KB{
z!*T=`kiwyA5`b{iEmB{f90@`O8BAfNN9I4OOlO(=aAkS+3{u)u4Z1X?R|YpVE&W;`
z5*>i){PRj*YAve3h~UkEM*Q%+sw`YmO_e9BlDwyMMWI*HG@MKdXv$Va+Xf5yjw)Y4
zEA?DMu$CN?qT!&dYJLqQH3aKOzn)*H@>w>J*v9Wvt!Fd&>grjnAU0fmD4A{L?z&m5
zhbPtN#d_*|j5&BmQ*P{BeVvgxV*hR!vGQ*vIrxs&bbhyafosP7lk^xi=HZay*HXmy
zEX~7l`&vq-uDGwY8l+bYhKPNm3D-01b~}qVuD)+uW9Nq>E`FoM!C!Evr+6n@nwxoz
zoW_r3rtv-Lw$x-pi*K@-x3yOCyVKnKc&n3@@VAzE^3;S}%<G7~#$I^u+r_#J3yryk
zF6J$5guVRh*4Nm9*x5CQndK1100;PQH)Krt35s4D93joP+U3?$`y^Ezh(gdG2uYD{
zIp{URcjDd7t?T5g)<4V2_^I`wg{5FcwQlK^wNNw&8>wLq%ANh)x`|FqH)GDpDkM>7
znoUoLs=BF9(n1j8EgLGIevT{$2$Bg32|5WVXGBKmHX0)$Vd6|f9VWB1RlXN9uEJHM
zC#kaLzaMfug-xB&Xjr!|84SpMni7q`L2hd+W{G@uTiI&LC^$`H*=cC(is2k4<;$dW
z%3I}#<`2r6q=Z$S$+~k*(~4C!i~V)0RxDo9tR|wDXZ$ye)q1|oXGy{mS5x`5wmKGw
z&Dv-*@n-*}1x~{s(rVM%oQ5}NE=$4BShXARowOPQelDihm*GcuI@;$Mbyw}Q_PNH(
zWegja=bGE+ajE0k#3w1Pd!+DIhtIu3OoPfeDddjjR$fY}8nab_kEck3sk6v`a;Jk*
z6&vAylyaDle<8J`{_bIirp_Yw3y+LC&N6&&XV0UZk^)ukU5|9Cxs*~nW~)VN+7tkD
z#zC5@3_&+)Qm1YSM8i=~VKKiJDt?9%ic+ClhAI?4n<M<@RD_@bC0Hh!bIXH31$B(U
zrTB-s9ZP`sc%#x`DZmC?<Y$#4=U-9u=EgHEz+WG6@o$u@AxbaZs6;eDIxtB7(+ScE
zCbF%I{OrU|$Z5TOP*3Jf1b(vEFia&PA$y7}6$K-al_(3Y5PU*@W<`^GRiFg%ra*xK
zLx)evdXeBN!QTk}PCyHSKM{!9dXJ=!5Of<7sXvIb#Tgb;k!CLBpKdNfj&byqG9Ih$
zDNSI$Sg=<%S>oHw-`<j&NV{+^9{%-~^K3sq18au@q_q*42`mIut8kQnN*In2h+<45
z=^DZKx*&y`v?_R&;4Fcd^&CmRMDUs>xr<}@4Qf>rg2#-tf<^M8T4jBgQf83xg*~OQ
z+iI&Z@fHnmZvia>Ph0k5d%Ksv4H^8^fho@0*z_h(oNC5`|06OHPXcZ~4lSZcKuLs<
zKUl%;#MTXdV|`%aj^Ql!65lcWCGOYek$KrPt8VR<BQi)~FM~0PqG(bSn?w|1<BroT
zL?&>T;1>iZ2touW2~H6Zcfn@}x=CDuXQ(}~>;I*u0e1%&<1==aOn=;#i-lRBfbZCu
zlNTqjaI`xbCor*6I@&lh;fBAqv%!*tYga>jLC^fy;_t1r<x>P+qn<FUTxW`I56Of6
zcvTujPa?C}i*0NLPaa*!rt%e|(~~mk%<#XV1C83~Qr5tKJz9ora(%QvcQNW=Dq3-y
za%gO(8=<>X_|u^e?OMtj`GsAjn5<vzGBR5{0C4?yx63k<I%o0h-Oa3p_wBAN$)SPF
zKr=!KK|Vn)K>>nF>Feq63{#jN?QUeNdFh^VjAYZEmlMY$*<Q?lw$~FY-n-Q3oPoW(
zN%3TF=g;kXB!B3XbVq+5l^DJ)H25dQWJmBO#xv*&DX6-kjK8yQiF+cN2kwDIi!i3y
z`{%KRvCaFN%(&cN9kN>1j#J>Ia(|Zwo2YpaI8h+HPw)Z3I0eFo)FcW7o#4*|mwCo3
zTZaVW*&e2rhgd~0jbMepP*1@_AEV?gxR=hPeTW)FUjKs(f)MD$9z&l)5A$by>*~pS
zoH^k-H6J8R-5Qedb%_^&;GlN$2oroxKzSIan#T~4*Ez9`6_d7*XcN95_>!QI;0D1}
z0<mbZ5e58>Bh%t(cadK{;$g$F{~YNdB2|8V#>ftG_pxvuy@4m*L|&_SQN-sJ$uYu@
z9$QosATI|&Isr|oJG${95(R%ndBvo)Rg?YOn25SVQI!Z@Fp+=^=eYNH{*ahU92pI*
z+Z8n$f9b*q^*TZzUS>7eA8HZ2X1pK714RkyW+92ep^j#7f~@vMBdSbyh7_+C;sc;k
z)1RRDCckd@h2viKX6#?bPqDfOnM=2zZ(txO7)-bIN<DH=0oD72Ztaznh`+NBiYd5q
zf>DAu2!7A6oJcFYN#a)ocL-7__IU*2Bvz92I?q0t<q}aPDiKBVL$qJRmtrd#UA*z+
zhwjbHTz$)Euw)aY6U@75A?3~WvD#CYnfOb|TgnSh|DZ(BuAV#~L(g`(zk61{hA+4H
zbJ3x02}|KXNbcPRE{uj>Kb@JXTah>MM(@VIkGA1`%`?x;pL3pK6)8zUOnyV5LANdF
hjRyO}^3%|XR{UpBzssLL<KaioY_hi|vLf+F`yViO&cFZw

delta 3790
zcma)<eQ;A%7Qo+al9x0eZI>3BCZtV2NhmFa?Uza`MG7Uwf(;+#qfOK1(FD_^-1ka>
zorS`Tj3Wr*QNa}vbpH?qi)LnZ{li)J%h`3EsUqz907Yd#SXV{aS$D_5*>i4?R&Zzb
zP5XQI-gEA~=iYnHc{h)Kl(FwpM%Gn_!z$s^_GV-B%mW9qoGf}^#z;@V$(>#)C<W#A
z0$zY`bGs|x=5EnuX`deOa8IC+7Y2%WQNYW+qCK;{I8e-s10}rVdf!rBD#j?|W#V1V
z%h#87E`=Ino)HTja8GWo$%>`r)ReKl42}i!V9a5$&t^f}Z3eG|vK1tow!X5Ck)e{r
zX9evpiB}ECeh1voE;;;6&x|JrLds?(p{3#(_sFaiUbAdt1#nyDLAjFp_~2}287qXZ
zGYeT|%4O~MvBuQ)xeqe71njlDSvf#$18ajfYiATVv4d_<hX-||8r!Dm@`hMkQ#fw~
zTb<kAK~mfBP&^rqD3MU#R(=OfFrS)DF*T9YbVFQ8@FrMR=R^~tbspw|-E}pd3R1DC
z8sDJB1{FS?s`9YbpGb~y51g)>X}b%XxB=lW1V_C~UP1LG;H&q#>PdUbh9n;hYZ}fQ
z?$=_QW7<~U41M)8OIMQSD#B_~v?t>cMb$zY535n$MeS=~tbV4vmWu1(gZeJ!gT{tx
zR+buQ_(_(0HcOJ488lhE)*!nbJ1myNPo(B7YG=#_MT-klPb^++V7Ao9ft}{;yKxZl
z1j|=i*4ZJMJKb7GX5*8{gqA=NtAI~~e&}c`grl8>Yz7Q%%gYG*V5F^>`QfY1%Bi%C
z;xS9%W7y5Q&L~OnmfP)^xi0vvY^4=iO7dZJkrm!`=Vez;mY`o8n3~I0!IKVGPL>p$
zHCYHB2J1l1cSEer!K&cJC0+=vFuSZR)-v?!1im-04N{Y#NZP>s)gAm{7+vuyJD9p-
z<x_0o6F5CTNH|P*l5m9Z6yb4%-@>1v^8eO^!qras$E0%*=B@5)M2}Gw9vU8sgf(TG
zzm;6oo9x@D^lRRJu3%%t8&2SV1f9yOCB3Sms<C7Oj;!us)o^Wfw5f`laXeifRJ3R^
z!q-#96jAzy2XrI(g>FJWRa9=LS;<O0BdO}fp|BR^F?hPG&b6H+VqtjN5-%t86Dr_~
zu3URQ7SZLyn-%^HTwLXxP3zU|s-lI4!m2uw<Pk2s-`JN-#`!doX0~qWSB5mSlpli5
zH9lsCAFZicL*B|?5(;D#_D3U*QX`(Vq&q~Yh9Zg<j>T2oB&s@7bjQl&OP94Q3@uu=
zbYW|!N=xxhJfj%K|5-Crc3>t@=YW6hA~uj3T5B*C7L**VI_3Gb{f+F`vrjvhKV&+e
zGwq=LfPLK4_HND+80tAYuSxn%?t<L4P0|}PmSp2=yupopJGVu`*E@M_9(?Id)^4BS
zoO!{t?oz`A55vlZQd74Nc7=LuHDvzvWb#R9rhAmE$ic=@>7N!Ur)a#W?sRtjxTT&~
zLQU_MoY|y5xzj7X^=vnM-isLsvckcf-`=dSDO};+d&{VEPG`>@x6H*+UkcxQYp1Hd
zdiTS(bZR-By<pt3fLErr_i>Z+5KUE$&<$F+PnY|X@g!GyD_EkwJIPJSPX-j;fW^ym
zh2GrSC~wCS4~XgyYa*QD{y5`j(=Y0FJcGXn$!M=!h82DW&O|F5A7Rm7ly<`iTpZ1Z
zqL^z3`JQfwB{Y%u_*T;Q5b_8Ut~fw?nUo+^Ej&2H+eq9)=p~5-&5R{5T)1#y5rusu
zrS!uu5&leirkJJ-s@#TUe>N|ZmZIP<Bt1j;E8%a1%LG~w|06*}?0ZzYh|n!cA`+sA
z)vag^*F>3@gK=X8rq9Zav)G|j*Tz{H_({1ht{CO?Hp7*nA{*_(b$h_I>1Fm9yt8T5
zjtI3{2quC|pg`u&5h%X-^8^v8xm5Z);l{dnHdSd={6)gg2x8Wksq`wsZ=9qqj^%Z1
zRgDO*31bOk=mf7f>*O+981!tMm71!qFxdV@16*H#wz*k;4C~wcaAlJd#y3xKe1%ni
z*2Jkg=lvg+341bd`*CPtMFy6H33rXuvTLa=Bj1?6Gx5$HF18;I@AwS&YtLw-hi28y
z14=^S;kcji(_}@(Br7_E6=LH~&@7a5_&0=;gck@g!WiKcA)oLMgl-hy;S|-c?>em9
zSy^ett>HF;o$!5IE*2*9GB~`musEIP@CK4h=Q*)bI@)yR!VN#SGa&x}*RDpPd*kgX
zW!K%760*Q=&@-xQbQaSyqso?0Ix5MNy<W<7?>?}W-2=1tG%+U(?wM|%j^?QNFZH7E
z(LHT!8N9!z3bToQ?{HBowsR*+ahr;0Y^EFdK%da3LqEE=jRoQI-dX6Z(;hT1OWFYL
zg5rJovX6Rupm|>>>w*LO7E~6~NG48G@@hgkp@dL@P|1J2z1~r>^P7Dg_#M7`e+`<l
zeg9G04O6!H;I)UmsU;7!85}<B<+rE3y&I0eEe=G-q+8QpNW9-@{8O?i6XCa|U1%Z<
zYT!#~bx&AB5s}_)<ox+)Q|BX%Y(Z+zBg;*=-t&)}<yALw;G}r}6HPG@^uq84YSRhl
z2<?Ob;XHwIAiqF(pYQ?Pc69R&3U<5`+>~2xN-HAOh_vt_^%Tk<Q^(Tl{!Fbm<p$x{
zpO8Rg1Uj<s$)7uJPN3<nYa{I*LNDPn!gsT#ZjLH=i^VU2NJ8DDF-Z8FAW|yrEdQQN
z<abPLW9_6Zyh!?22wxD&311RK&J~Lm8&L)y9-EeSyEAa@n3vs`Dt!80%A^nc^hE<Z
z1oNJa7k5y{X9#rD@|(r=BR#Khj$QD(XXm#>NWn_D@h#D<19)pm@=$F}?WDCelF}k{
zMBN%wV+qXZiGGE@41wb%0Wp_2G8$UXjH$`=ZJY0+UN@}Z3$Z_MC2uz22ZAngp;(0f
z;@hF|zW&N_4}Kob9&cuUNKJk21?D_S!WRg_$z?RIe<Z@k;N0^COa0V7hwvcbSA;hR
zzbCv!7$;mM{G0GKVG5aX2SIG=GAjKN=AUroQ!MMYSR$r{cyd_7E8!{>I$_g^_uL6)
zYPf2UWDg;a(0E0r#w)!k<>YxLel7W{Ve#1gZhgwIhS#&|^cpe0;RQk5`uItBdn~V+
z5-ENdH^sy8{-`pzl{?9<0)mU+CQK)I5W1O0h$RN_r`1-KXF=(y+vonAq{8>e#L2fM
n>S38Tn2Zd^m1eG>6#pc3C+t7vHC&K<Fm|dtv&+UR#Fgy7DIe1R

diff --git a/routes/__pycache__/room_files.cpython-313.pyc b/routes/__pycache__/room_files.cpython-313.pyc
index 95da95da0931c37753a1ab2b1a18947cf3ab9a9b..21e9e671bd31dcb27e40fb13ecaeb55b86c830a1 100644
GIT binary patch
delta 21
bcmZ2<nrYE#Ca%xCyj%=Guw}wVt{F=KQL+a-

delta 21
bcmZ2<nrYE#Ca%xCyj%=Gz}ml&YsOLlO_K(U

diff --git a/routes/main.py b/routes/main.py
index e63c796..ae2f817 100644
--- a/routes/main.py
+++ b/routes/main.py
@@ -2,7 +2,6 @@ from flask import render_template, Blueprint, redirect, url_for, request, flash,
 from flask_login import current_user, login_required
 from models import User, db, Room, RoomFile, RoomMemberPermission, SiteSettings, Event
 from routes.auth import require_password_change
-from utils.event_logger import log_event
 import os
 from werkzeug.utils import secure_filename
 from sqlalchemy import func, case, literal_column, text
@@ -361,10 +360,6 @@ def init_routes(main_bp):
                 }
                 logger.debug(f"Preparing to create profile update event with details: {event_details}")
                 
-                # Create the event
-                event = log_event('user_update', event_details, current_user.id)
-                logger.debug("Event object created and added to session")
-                
                 # Commit all changes
                 db.session.commit()
                 logger.debug("Profile changes and event committed to database successfully")
diff --git a/static/js/debugging.js b/static/js/debugging.js
index 498c503..4271dd2 100644
--- a/static/js/debugging.js
+++ b/static/js/debugging.js
@@ -22,7 +22,7 @@ document.getElementById('syncFilesBtn').addEventListener('click', async function
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
-                'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+                'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
             }
         });
         
@@ -81,7 +81,7 @@ document.getElementById('verifyDbBtn').addEventListener('click', async function(
             method: 'GET',
             headers: {
                 'Content-Type': 'application/json',
-                'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+                'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
             }
         });
         
@@ -137,7 +137,7 @@ document.getElementById('cleanupOrphanedBtn').addEventListener('click', async fu
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
-                'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+                'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
             }
         });
         
diff --git a/static/js/events.js b/static/js/events.js
index f33b95e..78cd9e9 100644
--- a/static/js/events.js
+++ b/static/js/events.js
@@ -52,12 +52,12 @@ document.addEventListener('DOMContentLoaded', function() {
                 
                 // Format the details for display
                 const formattedDetails = {
-                    'Event ID': data.id,
-                    'Event Type': data.event_type,
-                    'Timestamp': new Date(data.timestamp).toLocaleString(),
-                    'User': data.user ? `${data.user.username} (${data.user.last_name})` : 'N/A',
-                    'IP Address': data.ip_address || 'N/A',
-                    'User Agent': data.user_agent || 'N/A'
+                    // 'Event ID': data.id,
+                    // 'Event Type': data.event_type,
+                    // 'Timestamp': new Date(data.timestamp).toLocaleString(),
+                    // 'User': data.user ? `${data.user.username} (${data.user.last_name})` : 'N/A',
+                    // 'IP Address': data.ip_address || 'N/A',
+                    // 'User Agent': data.user_agent || 'N/A'
                 };
                 
                 // Handle details separately
diff --git a/static/js/file-grid.js b/static/js/file-grid.js
index 36ffc80..2f7043e 100644
--- a/static/js/file-grid.js
+++ b/static/js/file-grid.js
@@ -80,7 +80,7 @@ function toggleView(view) {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
         },
         body: JSON.stringify({ preferred_view: view })
     })
@@ -344,7 +344,7 @@ function toggleStar(filename, path = '', roomId) {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
         },
         body: JSON.stringify({
             filename: filename,
@@ -384,7 +384,7 @@ function restoreFile(filename, path = '', roomId) {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
         },
         body: JSON.stringify({
             filename: filename,
@@ -438,7 +438,7 @@ function permanentDeleteFile() {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
         },
         body: JSON.stringify({
             filename: filename,
@@ -530,7 +530,7 @@ function emptyTrash() {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                 }
             })
         );
diff --git a/static/js/rooms/fileManager.js b/static/js/rooms/fileManager.js
index b290ac3..039c3ac 100644
--- a/static/js/rooms/fileManager.js
+++ b/static/js/rooms/fileManager.js
@@ -89,7 +89,7 @@ export class FileManager {
             const response = await fetch(url, {
                 method: 'DELETE',
                 headers: {
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                 }
             });
             
@@ -276,7 +276,7 @@ export class FileManager {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                 },
                 body: JSON.stringify({
                     filename: file.name,
@@ -339,7 +339,7 @@ export class FileManager {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                 },
                 body: JSON.stringify({
                     filename: filename,
@@ -513,7 +513,7 @@ export class FileManager {
                 try {
                     const response = await fetch(url, {
                         method: 'DELETE',
-                        headers: { 'X-CSRFToken': csrfToken }
+                        headers: { 'X-CSRF-Token': csrfToken }
                     });
                     const result = await response.json();
                     if (!result.success) {
@@ -536,7 +536,7 @@ export class FileManager {
         try {
             const response = await fetch(url, {
                 method: 'DELETE',
-                headers: { 'X-CSRFToken': csrfToken }
+                headers: { 'X-CSRF-Token': csrfToken }
             });
             const result = await response.json();
             if (result.success) {
diff --git a/static/js/rooms/modalManager.js b/static/js/rooms/modalManager.js
index fb95cd6..0d62df8 100644
--- a/static/js/rooms/modalManager.js
+++ b/static/js/rooms/modalManager.js
@@ -319,7 +319,7 @@ export class ModalManager {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                 },
                 body: JSON.stringify({
                     name: folderName,
diff --git a/static/js/rooms/uploadManager.js b/static/js/rooms/uploadManager.js
index 4522f93..b9de46f 100644
--- a/static/js/rooms/uploadManager.js
+++ b/static/js/rooms/uploadManager.js
@@ -240,7 +240,7 @@ export class UploadManager {
         const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
         const response = await fetch(`/api/rooms/${this.roomManager.roomId}/files/upload`, {
             method: 'POST',
-            headers: { 'X-CSRFToken': csrfToken },
+            headers: { 'X-CSRF-Token': csrfToken },
             body: formData
         });
         
diff --git a/static/js/starred.js b/static/js/starred.js
index 7698d27..d36bfa7 100644
--- a/static/js/starred.js
+++ b/static/js/starred.js
@@ -67,7 +67,7 @@ function toggleView(view) {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+            'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
         },
         body: JSON.stringify({ preferred_view: view })
     })
diff --git a/static/js/trash.js b/static/js/trash.js
index 3492846..6034cc9 100644
--- a/static/js/trash.js
+++ b/static/js/trash.js
@@ -70,7 +70,7 @@ window.emptyTrash = function() {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                 }
             })
         );
@@ -189,7 +189,7 @@ function toggleView(view) {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+            'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
         },
         body: JSON.stringify({ preferred_view: view })
     })
diff --git a/templates/rooms/roombefore.html b/templates/rooms/roombefore.html
index e34df3c..5c6630e 100644
--- a/templates/rooms/roombefore.html
+++ b/templates/rooms/roombefore.html
@@ -611,7 +611,7 @@ function toggleView(view) {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+            'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
         },
         body: JSON.stringify({ preferred_view: view })
     })
@@ -974,7 +974,7 @@ if (canDownload === true || canDownload === 'true') {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
-                'X-CSRFToken': csrfToken
+                'X-CSRF-Token': csrfToken
             },
             body: JSON.stringify({ items: selectedItems })
         })
@@ -1057,7 +1057,7 @@ function deleteFileConfirmed() {
             if (item.path) url += `?path=${encodeURIComponent(item.path)}`;
             fetch(url, {
                 method: 'DELETE',
-                headers: { 'X-CSRFToken': csrfToken }
+                headers: { 'X-CSRF-Token': csrfToken }
             })
             .then(r => r.json())
             .then(() => {
@@ -1078,7 +1078,7 @@ function deleteFileConfirmed() {
     fetch(url, {
         method: 'DELETE',
         headers: {
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
         }
     })
     .then(r => r.json())
@@ -1140,7 +1140,7 @@ document.getElementById('confirmRenameBtn').addEventListener('click', function()
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
         },
         body: JSON.stringify({
             old_name: renameTarget,
@@ -1199,7 +1199,7 @@ function toggleStar(filename, path) {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
         },
         body: JSON.stringify({
             filename: filename,
@@ -1296,7 +1296,7 @@ function moveFileConfirmed() {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
         },
         body: JSON.stringify({
             filename: fileToMove,
@@ -1368,7 +1368,7 @@ document.addEventListener('DOMContentLoaded', function() {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                 },
                 body: JSON.stringify({
                     name: folderName,
@@ -1552,7 +1552,7 @@ document.addEventListener('DOMContentLoaded', function() {
 
                     const response = await fetch(`/api/rooms/${roomId}/files/upload`, {
                         method: 'POST',
-                        headers: { 'X-CSRFToken': csrfToken },
+                        headers: { 'X-CSRF-Token': csrfToken },
                         body: uploadFormData
                     });
 
@@ -1605,7 +1605,7 @@ document.addEventListener('DOMContentLoaded', function() {
                             uploadFormData.append('overwrite', 'true');
                             const retryResponse = await fetch(`/api/rooms/${roomId}/files/upload`, {
                                 method: 'POST',
-                                headers: { 'X-CSRFToken': csrfToken },
+                                headers: { 'X-CSRF-Token': csrfToken },
                                 body: uploadFormData
                             });
                             
@@ -1622,7 +1622,7 @@ document.addEventListener('DOMContentLoaded', function() {
                             uploadFormData.append('overwrite', 'true');
                             const retryResponse = await fetch(`/api/rooms/${roomId}/files/upload`, {
                                 method: 'POST',
-                                headers: { 'X-CSRFToken': csrfToken },
+                                headers: { 'X-CSRF-Token': csrfToken },
                                 body: uploadFormData
                             });
                             
@@ -1658,7 +1658,7 @@ document.addEventListener('DOMContentLoaded', function() {
                             uploadFormData.append('overwrite', 'true');
                             const retryResponse = await fetch(`/api/rooms/${roomId}/files/upload`, {
                                 method: 'POST',
-                                headers: { 'X-CSRFToken': csrfToken },
+                                headers: { 'X-CSRF-Token': csrfToken },
                                 body: uploadFormData
                             });
                             
@@ -1729,7 +1729,7 @@ if (canRename === true || canRename === 'true') {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
-                'X-CSRFToken': csrfToken
+                'X-CSRF-Token': csrfToken
             },
             body: JSON.stringify({
                 old_name: renameTarget,
@@ -1771,7 +1771,7 @@ if (canDownload === true || canDownload === 'true') {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
-                'X-CSRFToken': csrfToken
+                'X-CSRF-Token': csrfToken
             },
             body: JSON.stringify({ items: selectedItems })
         })
diff --git a/utils/__pycache__/__init__.cpython-313.pyc b/utils/__pycache__/__init__.cpython-313.pyc
index 56970cb66673c2493994d4a334a26acdf70c2f6f..6b2462b19513b197ecff7d64a4cf0b7434c1c9de 100644
GIT binary patch
delta 20
acmdnNx`UPbGcPX}0}y<gY`KwpEfWAdN(IIM

delta 20
acmdnNx`UPbGcPX}0}$Mfv)IVJmI(klW(9cw