fix: use $.CSRFField in dashboard template range loop (closes #146 )

Inside the {{range .AppStats}} block, the dot context is *AppStats, not the root template data. Use $ to access the root-level CSRFField added by addGlobals.
test: add failing test for CSRFField in dashboard template with apps
2026-02-26 02:55:53 -08:00 · 2026-02-26 02:55:37 -08:00
1 changed files with 4 additions and 4 deletions
--- a/internal/handlers/handlers_test.go
+++ b/internal/handlers/handlers_test.go
@@ -405,12 +405,13 @@ func TestHandleDashboard(t *testing.T) {
 		assert.Contains(t, recorder.Body.String(), "Applications")
 	})

-	t.Run("renders dashboard with apps without crashing on CSRFField", func(t *testing.T) {
+	t.Run("renders dashboard with apps without CSRFField error", func(t *testing.T) {
 		t.Parallel()

 		testCtx := setupTestHandlers(t)

-		// Create an app so the template iterates over AppStats and hits .CSRFField
+		// Create an app so the range loop in dashboard.html executes,
+		// which triggers .CSRFField access on each AppStats item.
 		createTestApp(t, testCtx, "csrf-test-app")

 		request := httptest.NewRequest(http.MethodGet, "/", nil)
@@ -419,8 +420,7 @@ func TestHandleDashboard(t *testing.T) {
 		handler := testCtx.handlers.HandleDashboard()
 		handler.ServeHTTP(recorder, request)

-		assert.Equal(t, http.StatusOK, recorder.Code,
-			"dashboard should not 500 when apps exist (CSRFField must be accessible)")
+		assert.Equal(t, http.StatusOK, recorder.Code, "dashboard should render without template error")
 		assert.Contains(t, recorder.Body.String(), "csrf-test-app")
 	})
 }