From e37a508636f78a08cc750dccd9a9e85141c492c8 Mon Sep 17 00:00:00 2001
From: vmarkov <vmarkov@mirantis.com>
Date: Wed, 6 Mar 2019 16:57:09 +0200
Subject: [PATCH] Implement CSRF_COOKIE_HTTPONLY option support

Proposed patch allows passing of CSRF token as hidden input in template.
Without it, turning on of CSRF_COOKIE_HTTPONLY severely degrades Horizon
functionality.

Change-Id: I1b1db496c31e6c64d0c205189e845c2cc0c09184
Closes-bug: #1819423
---
 openstack_dashboard/static/app/app.module.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/openstack_dashboard/static/app/app.module.js b/openstack_dashboard/static/app/app.module.js
index 3801c5cc70..48ee1e7ce1 100644
--- a/openstack_dashboard/static/app/app.module.js
+++ b/openstack_dashboard/static/app/app.module.js
@@ -112,7 +112,8 @@
     $route
   ) {
 
-    $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;
+    $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken ||
+                $('input[name="csrfmiddlewaretoken"]').val();
 
     // expose the legacy utils module
     horizon.utils = hzUtils;