From 8c21530af07bf57a3059a49f505340ad5628c5ff Mon Sep 17 00:00:00 2001
From: Alex Heneveld
Date: Sun, 13 Nov 2016 08:42:25 -0700
Subject: [PATCH] request and set the csrf header protection added to brooklyn server
---
 .../assets/js/model/server-extended-status.js | 7 +++++++
 src/main/webapp/assets/js/router.js | 13 ++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/main/webapp/assets/js/model/server-extended-status.js b/src/main/webapp/assets/js/model/server-extended-status.js
index aa9e5fae3..2bde5ee2c 100644
--- a/src/main/webapp/assets/js/model/server-extended-status.js
+++ b/src/main/webapp/assets/js/model/server-extended-status.js
@@ -22,6 +22,13 @@ define(["backbone", "brooklyn", "view/viewutils"], function (Backbone, Brooklyn,
 callbacks: [],
 loaded: false,
 url: "/v1/server/up/extended",
+ sync: function(method, collection, options){
+ options = options || {};
+ options.beforeSend = function (xhr) {
+ xhr.setRequestHeader('X-Csrf-Token-Required-For-Requests', 'write');
+ };
+ return Backbone.Model.prototype.sync.apply(this, arguments);
+ },
 onError: function(thiz,xhr,modelish) {
 log("ServerExtendedStatus: error contacting Brooklyn server");
 log(xhr);
diff --git a/src/main/webapp/assets/js/router.js b/src/main/webapp/assets/js/router.js
index d26bec2c5..64042857b 100644
--- a/src/main/webapp/assets/js/router.js
+++ b/src/main/webapp/assets/js/router.js
@@ -254,7 +254,7 @@ define([
 });
 /*
- * Prepend a base URL to REST API calls
+ * Prepend a base URL to REST API calls, and add the CSRF token if present.
 */
 $.ajaxSetup({
 beforeSend: function(jqXHR, settings) {
@@ -264,6 +264,17 @@ define([
 if (baseURL && settings.url.startsWith("/v1")) {
 settings.url = (baseURL + settings.url).replace("//", "/");
 }
+
+ // add CSRF token as header
+ var ca = document.cookie.split(';');
+ for (var i=0; i
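Review bot: The `sync` override added in server-extended-status.js assigns `options.beforeSend` unconditionally, which discards any hook the caller supplied and, because a per-request `beforeSend` takes precedence over the `$.ajaxSetup` default in jQuery, most likely means the global hook in router.js (the base-URL prefix plus the CSRF token header this commit adds there) never runs for this model's requests. Setting the header through the request's header map keeps both hooks: `options.headers = options.headers || {};` followed by `options.headers['X-Csrf-Token-Required-For-Requests'] = 'write';`. The call should also pass its parameters explicitly, `return Backbone.Model.prototype.sync.call(this, method, collection, options);`, since `arguments` does not carry the freshly created object when `options` was omitted. A one-line comment above the header stating what it asks of the server (it reads as a request that CSRF tokens be required on write requests, to be confirmed against the server-side change) would help the next reader judge whether this endpoint is the right place to send it.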