Posted to commits@nifi.apache.org by ma...@apache.org on 2022/07/13 19:26:32 UTC

[nifi] branch main updated: NIFI-10196 Corrected Jolt UI CSRF Header Handling

This is an automated email from the ASF dual-hosted git repository.

mattyb149 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 0dea0ae364 NIFI-10196 Corrected Jolt UI CSRF Header Handling
0dea0ae364 is described below

commit 0dea0ae364c3492d7f12b2238880729a2a55d3b0
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Jul 11 21:53:07 2022 -0500

    NIFI-10196 Corrected Jolt UI CSRF Header Handling
    
    Signed-off-by: Matthew Burgess <ma...@apache.org>
    
    This closes #6198
---
 .../nifi-jolt-transform-json-ui/src/main/webapp/app/app.js        | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js b/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js
index 1c81562913..4a127605df 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js
@@ -19,11 +19,9 @@
 
 var AppRun =  function($rootScope,$state,$http){
 
-    // Get the Request Token for CSRF mitigation and send on all requests
-    if (nf.AuthorizationStorage.hasToken()) {
-        var token = nf.AuthorizationStorage.getRequestToken();
-        $http.defaults.headers.common['Request-Token'] = token;
-    }
+    // Set CSRF Cookie and Header names to match Spring Security configuration in StandardCookieCsrfTokenRepository
+    $http.defaults.xsrfCookieName = '__Secure-Request-Token';
+    $http.defaults.xsrfHeaderName = 'Request-Token';
 
     $rootScope.$on('$stateChangeError', function(event, toState, toParams, fromState, fromParams, error){
         event.preventDefault();
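Review bot: The literals assigned to `$http.defaults.xsrfCookieName` and `$http.defaults.xsrfHeaderName` duplicate names owned by the server, and the comment does not say what happens if they drift or the cookie is missing. AngularJS copies the cookie into the header only when script can read the cookie and the request is same-origin, so a renamed or HttpOnly cookie would silently drop `Request-Token`, and the server-side check would presumably reject state-changing calls. The `__Secure-` prefix also means browsers accept the cookie only with the Secure attribute over HTTPS, so no header is sent on a plain-HTTP deployment. I would extend the comment to `// Names must stay in sync with StandardCookieCsrfTokenRepository; the cookie must be script-readable (not HttpOnly) and is only set over HTTPS (__Secure- prefix)`. AppRun's body continues past the end of the hunk.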