From 7844e82c957d855975ffae3ab3467005fe46963b Mon Sep 17 00:00:00 2001
From: eric <eric.fischer@signtime.media>
Date: Mon, 23 Feb 2026 08:58:18 +0000
Subject: [PATCH] Fix delete JSON error: API routes return 401 JSON instead of
 HTML redirect, robust fetch error handling

---
 app.py                |  3 +++
 templates/emails.html | 10 +++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index db8b594..ab5e49a 100644
--- a/app.py
+++ b/app.py
@@ -438,6 +438,9 @@ def login_required(f):
     @wraps(f)
     def decorated_function(*args, **kwargs):
         if not session.get('authenticated'):
+            # API-Routen (/api/...) geben JSON zurück statt HTML-Redirect
+            if request.path.startswith('/api/'):
+                return jsonify({'success': False, 'error': 'not_authenticated'}), 401
             return redirect(url_for('login'))
         return f(*args, **kwargs)
     return decorated_function
diff --git a/templates/emails.html b/templates/emails.html
index f681922..928b5f8 100644
--- a/templates/emails.html
+++ b/templates/emails.html
@@ -238,8 +238,16 @@ document.addEventListener('click', function(e) {
   const id = btn.dataset.id;
   if (!confirm('Eintrag #' + id + ' aus dem Log löschen?')) return;
   fetch('/api/sent-emails/' + id + '/delete', {method: 'POST', credentials: 'same-origin'})
-    .then(r => { if (!r.ok) throw new Error('HTTP ' + r.status); return r.json(); })
+    .then(r => {
+      if (r.redirected || r.status === 302 || r.status === 401) {
+        window.location.reload(); return null;
+      }
+      const ct = r.headers.get('content-type') || '';
+      if (!ct.includes('application/json')) throw new Error('Unerwartete Antwort (HTTP ' + r.status + ')');
+      return r.json();
+    })
     .then(d => {
+      if (!d) return;
       if (d.success) {
         const row = document.getElementById('sent-row-' + id);
         if (row) row.remove();