Implement CSRF_COOKIE_HTTPONLY option support

Proposed patch allows passing of CSRF token as hidden input in template. Without it, turning on of CSRF_COOKIE_HTTPONLY severely degrades Horizon functionality. Change-Id: I1b1db496c31e6c64d0c205189e845c2cc0c09184 Closes-bug: #1819423
2019-03-06 16:57:09 +02:00 · 2019-03-06 16:57:09 +02:00 · e37a508636
commit e37a508636
parent 782cb2f22d
1 changed files with 2 additions and 1 deletions
--- a/openstack_dashboard/static/app/app.module.js
+++ b/openstack_dashboard/static/app/app.module.js
@ -112,7 +112,8 @@
    $route
  ) {

-    $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;
+    $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken ||
+                $('input[name="csrfmiddlewaretoken"]').val();

    // expose the legacy utils module
    horizon.utils = hzUtils;