Revalidate authz before requesting inventory

static/webui/script.js

@@ -1083,22 +1083,22 @@ function doAddAllMods() {
         modsAll.add(child.getAttribute("data-key"));
     }
 
-    const req = $.get("/api/inventory.php?" + window.authz + "&xpBasedLevelCapDisabled=1");
+    revalidateAuthz(() => {
-    req.done(data => {
+        const req = $.get("/api/inventory.php?" + window.authz + "&xpBasedLevelCapDisabled=1");
-        for (const modOwned of data.RawUpgrades) {
+        req.done(data => {
-            if (modOwned.ItemCount ?? 1 > 0) {
+            for (const modOwned of data.RawUpgrades) {
-                modsAll.delete(modOwned.ItemType);
+                if (modOwned.ItemCount ?? 1 > 0) {
+                    modsAll.delete(modOwned.ItemType);
+                }
             }
-        }
 
-        modsAll = Array.from(modsAll);
+            modsAll = Array.from(modsAll);
-        // Batch to avoid PayloadTooLargeError
+            // Batch to avoid PayloadTooLargeError
-        const batches = [];
+            const batches = [];
-        for (let i = 0; i < modsAll.length; i += 1000) {
+            for (let i = 0; i < modsAll.length; i += 1000) {
-            batches.push(modsAll.slice(i, i + 1000));
+                batches.push(modsAll.slice(i, i + 1000));
-        }
+            }
-        batches.forEach(batch => {
+            batches.forEach(batch => {
-            revalidateAuthz(() => {
                 $.post({
                     url: "/api/missionInventoryUpdate.php?" + window.authz,
                     contentType: "text/plain",