left4me/l4d2web/static/js/csrf.js

document.addEventListener("DOMContentLoaded", () => {
  const token = document.querySelector("meta[name='csrf-token']")?.getAttribute("content");
  if (!token || !window.htmx || !window.htmx.on) {
    return;
  }

  window.htmx.on("htmx:configRequest", (event) => {
    event.detail.headers["X-CSRF-Token"] = token;
  });
});