fix: include Referer header in API requests

frontend/src/routes/collections/+page.server.ts

@@ -96,6 +96,7 @@ export const actions: Actions = {
 			method: 'POST',
 			headers: {
 				'X-CSRFToken': csrfToken,
+				Referer: event.url.origin, // Include Referer header
 				Cookie: `sessionid=${sessionid}; csrftoken=${csrfToken}`
 			},
 			body: formDataToSend
@@ -174,9 +175,11 @@ export const actions: Actions = {
 			method: 'PATCH',
 			headers: {
 				'X-CSRFToken': csrfToken,
-				Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`
+				Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
+				Referer: event.url.origin // Include Referer header
 			},
 			body: formDataToSend,
+
 			credentials: 'include'
 		});
 

frontend/src/routes/collections/[id]/+page.server.ts

@@ -63,7 +63,8 @@ export const actions: Actions = {
 			headers: {
 				Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
 				'Content-Type': 'application/json',
-				'X-CSRFToken': csrfToken
+				'X-CSRFToken': csrfToken,
+				Referer: event.url.origin // Include Referer header
 			},
 			credentials: 'include'
 		});