From 8a471edbe047a471df8f706f00a169b8cfdfa4b0 Mon Sep 17 00:00:00 2001
From: Purple <dev@prpl.it>
Date: Sun, 18 Jan 2026 13:35:44 +0000
Subject: [PATCH] Fix CSRF token in schema_apply request

Include csrf_token in POST body for schema_apply API call.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 webapp/settings.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/webapp/settings.php b/webapp/settings.php
index 8512f36..0462bc4 100644
--- a/webapp/settings.php
+++ b/webapp/settings.php
@@ -1320,7 +1320,8 @@ async function applySchemaUpdates() {
             headers: {
                 "Content-Type": "application/json",
                 "X-CSRF-Token": CSRF_TOKEN
-            }
+            },
+            body: JSON.stringify({ csrf_token: CSRF_TOKEN })
         });
         const data = await response.json();