[IMP] website: reintroduce a way to post from js

It was deleted in 11.0 as it was not used anymore. Now, it is
reintroduce as it is a nice utility function for some external app or
fixes. Here, it is use so that /website/add and /website/add/<path> work
as a controller POST with a CSRF token.

task-2241766

addons/website/controllers/main.py

@@ -311,7 +311,7 @@ class Website(Home):
         }
         return request.render("website.list_website_pages", values)
 
-    @http.route(['/website/add/', '/website/add/<path:path>'], type='http', auth="user", website=True)
+    @http.route(['/website/add/', '/website/add/<path:path>'], type='http', auth="user", website=True, methods=['POST'])
     def pagenew(self, path="", noredirect=False, add_menu=False, template=False, **kwargs):
         # for supported mimetype, get correct default template
         _, ext = os.path.splitext(path)

addons/website/static/src/js/menu/new_content.js

@@ -94,8 +94,9 @@ var NewContentMenu = websiteNavbarData.WebsiteNavbarActionWidget.extend({
                 return;
             }
             var url = '/website/add/' + encodeURIComponent(val);
-            if ($dialog.find('input[type="checkbox"]').is(':checked')) url +='?add_menu=1';
-            document.location = url;
+            const res = wUtils.sendRequest(url, {
+                add_menu: $dialog.find('input[type="checkbox"]').is(':checked') || '',
+            });
             return new Promise(function () {});
         });
     },

addons/website/static/src/js/utils.js

@@ -227,11 +227,44 @@ function websiteDomain(self) {
     return ['|', ['website_id', '=', false], ['website_id', '=', websiteID]];
 }
 
+function sendRequest(route, params) {
+    function _addInput(form, name, value) {
+        let param = document.createElement('input');
+        param.setAttribute('type', 'hidden');
+        param.setAttribute('name', name);
+        param.setAttribute('value', value);
+        form.appendChild(param);
+    }
+
+    let form = document.createElement('form');
+    form.setAttribute('action', route);
+    form.setAttribute('method', params.method || 'POST');
+
+    if (core.csrf_token) {
+        _addInput(form, 'csrf_token', core.csrf_token);
+    }
+
+    for (const key in params) {
+        const value = params[key];
+        if (Array.isArray(value) && value.length) {
+            for (const val of value) {
+                _addInput(form, key, val);
+            }
+        } else {
+            _addInput(form, key, value);
+        }
+    }
+
+    document.body.appendChild(form);
+    form.submit();
+}
+
 return {
     loadAnchors: loadAnchors,
     autocompleteWithPages: autocompleteWithPages,
     onceAllImagesLoaded: onceAllImagesLoaded,
     prompt: prompt,
+    sendRequest: sendRequest,
     websiteDomain: websiteDomain,
 };
 });