diff --git a/src/main/webapp/assets/js/model/server-extended-status.js b/src/main/webapp/assets/js/model/server-extended-status.js
index aa9e5fae3..2bde5ee2c 100644
--- a/src/main/webapp/assets/js/model/server-extended-status.js
+++ b/src/main/webapp/assets/js/model/server-extended-status.js
@@ -22,6 +22,13 @@ define(["backbone", "brooklyn", "view/viewutils"], function (Backbone, Brooklyn,
 callbacks: [],
 loaded: false,
 url: "/v1/server/up/extended",
+ sync: function(method, collection, options){
+ options = options || {};
+ options.beforeSend = function (xhr) {
+ xhr.setRequestHeader('X-Csrf-Token-Required-For-Requests', 'write');
+ };
+ return Backbone.Model.prototype.sync.apply(this, arguments);
+ },
 onError: function(thiz,xhr,modelish) {
 log("ServerExtendedStatus: error contacting Brooklyn server");
 log(xhr);
diff --git a/src/main/webapp/assets/js/router.js b/src/main/webapp/assets/js/router.js
index d26bec2c5..64042857b 100644
--- a/src/main/webapp/assets/js/router.js
+++ b/src/main/webapp/assets/js/router.js
@@ -254,7 +254,7 @@ define([
 });
 /*
- * Prepend a base URL to REST API calls
+ * Prepend a base URL to REST API calls, and add the CSRF token if present.
 */
 $.ajaxSetup({
 beforeSend: function(jqXHR, settings) {
@@ -264,6 +264,17 @@ define([
 if (baseURL && settings.url.startsWith("/v1")) {
 settings.url = (baseURL + settings.url).replace("//", "/");
 }
+
+ // add CSRF token as header
+ var ca = document.cookie.split(';');
+ for (var i=0; i
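Review bot: In the added `sync` override in server-extended-status.js, assigning `options.beforeSend` unconditionally replaces any `beforeSend` the caller passed and, since per-request settings take precedence over `$.ajaxSetup` defaults in jQuery, most likely also keeps the global hook in router.js (the base-URL prefix and, with this commit, the CSRF token header) from running for this request. Sending the header through the `headers` setting leaves both hooks intact: `options.headers = options.headers || {}; options.headers['X-Csrf-Token-Required-For-Requests'] = 'write';`. The forward via `apply(this, arguments)` also only sees the defaulted `options` when the caller supplied a third argument in non-strict code, so `Backbone.Model.prototype.sync.call(this, method, collection, options)` is the safer form. The enclosing model definition starts and ends outside the hunk.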