From 80713c405ab6486a0e9c1b81117e5ec97e06d873 Mon Sep 17 00:00:00 2001
From: Bernhard Rusch
Date: Fri, 30 Jul 2021 12:32:45 +0200
Subject: [PATCH] [Notifications] Use proper REST methods (CSRF)
---
 .../AdminBundle/Controller/Admin/NotificationController.php | 6 +++---
 .../Resources/public/js/pimcore/notification/helper.js | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/bundles/AdminBundle/Controller/Admin/NotificationController.php b/bundles/AdminBundle/Controller/Admin/NotificationController.php
index 254d0ff8ad0..45c2278068b 100644
--- a/bundles/AdminBundle/Controller/Admin/NotificationController.php
+++ b/bundles/AdminBundle/Controller/Admin/NotificationController.php
@@ -195,7 +195,7 @@ public function findLastUnreadAction(Request $request, NotificationService $serv
 }
 
 /**
- * @Route("/mark-as-read", name="pimcore_admin_notification_markasread")
+ * @Route("/mark-as-read", name="pimcore_admin_notification_markasread", methods={"PUT"})
 *
 * @param Request $request
 * @param NotificationService $service
@@ -213,7 +213,7 @@ public function markAsReadAction(Request $request, NotificationService $service)
 }
 
 /**
- * @Route("/delete", name="pimcore_admin_notification_delete")
+ * @Route("/delete", name="pimcore_admin_notification_delete", methods={"DELETE"})
 *
 * @param Request $request
 * @param NotificationService $service
@@ -231,7 +231,7 @@ public function deleteAction(Request $request, NotificationService $service): Js
 }
 
 /**
- * @Route("/delete-all", name="pimcore_admin_notification_deleteall")
+ * @Route("/delete-all", name="pimcore_admin_notification_deleteall", methods={"DELETE"})
 *
 * @param Request $request
 * @param NotificationService $service
diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/notification/helper.js b/bundles/AdminBundle/Resources/public/js/pimcore/notification/helper.js
index 6b0d1061069..dc2654f8ddc 100644
--- a/bundles/AdminBundle/Resources/public/js/pimcore/notification/helper.js
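Review bot: The `methods={"PUT"}` and `methods={"DELETE"}` restrictions on markAsReadAction, deleteAction and deleteAllAction (all three hunks of NotificationController.php) only close the cross-site GET path; they amount to a CSRF defence only if a token check also runs for these verbs, and no such check is visible in these lines. Where Symfony's `framework.http_method_override` is enabled, a POST carrying `_method` is routed as PUT or DELETE, so the protection presumably rests on the admin CSRF-token check rather than on the verb itself. I would record that in each docblock, e.g. `* State-changing: non-GET only; relies on the admin CSRF token check.`, and add a functional test asserting that GET returns 405 and that a PUT/DELETE without a valid token is refused. The action bodies lie outside the hunks, so whether each one also verifies that the notification belongs to the current user cannot be judged from here.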
+++ b/bundles/AdminBundle/Resources/public/js/pimcore/notification/helper.js
@@ -93,6 +93,7 @@ pimcore.notification.helper.showNotifications = function (notifications) {
 pimcore.notification.helper.markAsRead = function (id, callback) {
 Ext.Ajax.request({
 url: Routing.generate('pimcore_admin_notification_markasread', {id: id}),
+ method: 'PUT',
 success: function (response) {
 if (callback) {
 callback();
@@ -158,6 +159,7 @@ pimcore.notification.helper.openDetailsWindow = function (id, title, message, ty
 pimcore.notification.helper.delete = function (id, callback) {
 Ext.Ajax.request({
 url: Routing.generate('pimcore_admin_notification_delete', {id: id}),
+ method: 'DELETE',
 success: function (response) {
 if (callback) {
 callback();
@@ -169,6 +171,7 @@ pimcore.notification.helper.delete = function (id, callback) {
 pimcore.notification.helper.deleteAll = function (callback) {
 Ext.Ajax.request({
 url: Routing.generate('pimcore_admin_notification_deleteall'),
+ method: 'DELETE',
 success: function (response) {
 if (callback) {
 callback();
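Review bot: The three `Ext.Ajax.request` calls in markAsRead, delete and deleteAll show only a `success` handler, so once the routes accept nothing but PUT/DELETE a refused call never reaches `callback` and the UI gives no sign of it. Such a refusal could be a 405 from a stale cached helper.js still sending the old verb, or a rejected CSRF token. I would add a `failure` option to each call, e.g. `failure: function (response) { console.error('notification request failed', response.status); }`, so a rejected state change is visible to the user or at least in the console. The requests also depend on the CSRF token header being attached to Ext.Ajax globally, which is not visible in these hunks and is worth confirming for PUT and DELETE. The function bodies continue past each hunk, so a handler defined further down would not be seen here.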