From bd8fa6ddf7ada3355237adebcbf246b06f1117c4 Mon Sep 17 00:00:00 2001
From: sysadmin <sysadmin@silverlined.dev>
Date: Tue, 18 Nov 2025 14:34:33 +0000
Subject: [PATCH] fix: Add missing antiforgery token to Messages Reply form
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Added @Html.AntiForgeryToken() to Customer.cshtml reply form
- Fixes HTTP 400 error when replying to customer messages
- Required for CSRF protection with [ValidateAntiForgeryToken]

The form was missing the CSRF token which caused ASP.NET Core to reject
all POST requests to /Admin/Messages/Reply with HTTP 400 status.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 LittleShop/Areas/Admin/Views/Messages/Customer.cshtml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/LittleShop/Areas/Admin/Views/Messages/Customer.cshtml b/LittleShop/Areas/Admin/Views/Messages/Customer.cshtml
index 01d1dbe..bfaefa0 100644
--- a/LittleShop/Areas/Admin/Views/Messages/Customer.cshtml
+++ b/LittleShop/Areas/Admin/Views/Messages/Customer.cshtml
@@ -143,6 +143,7 @@
                         </div>
                         <div class="card-body">
                             <form method="post" action="@Url.Action("Reply")">
+                                @Html.AntiForgeryToken()
                                 <input type="hidden" name="customerId" value="@Model.CustomerId" />
                                 
                                 <div class="mb-3">