Posted to commits@nifi.apache.org by ma...@apache.org on 2022/07/13 19:26:32 UTC
[nifi] branch main updated: NIFI-10196 Corrected Jolt UI CSRF Header Handling
This is an automated email from the ASF dual-hosted git repository.
mattyb149 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 0dea0ae364 NIFI-10196 Corrected Jolt UI CSRF Header Handling
0dea0ae364 is described below
commit 0dea0ae364c3492d7f12b2238880729a2a55d3b0
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Jul 11 21:53:07 2022 -0500
NIFI-10196 Corrected Jolt UI CSRF Header Handling
Signed-off-by: Matthew Burgess <ma...@apache.org>
This closes #6198
---
.../nifi-jolt-transform-json-ui/src/main/webapp/app/app.js | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js b/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js
index 1c81562913..4a127605df 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-jolt-transform-json-ui/src/main/webapp/app/app.js
@@ -19,11 +19,9 @@
var AppRun = function($rootScope,$state,$http){
- // Get the Request Token for CSRF mitigation and send on all requests
- if (nf.AuthorizationStorage.hasToken()) {
- var token = nf.AuthorizationStorage.getRequestToken();
- $http.defaults.headers.common['Request-Token'] = token;
- }
+ // Set CSRF Cookie and Header names to match Spring Security configuration in StandardCookieCsrfTokenRepository
+ $http.defaults.xsrfCookieName = '__Secure-Request-Token';
+ $http.defaults.xsrfHeaderName = 'Request-Token';
$rootScope.$on('$stateChangeError', function(event, toState, toParams, fromState, fromParams, error){
event.preventDefault();
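Review bot: The new comment in AppRun names the server-side class but not the conditions under which AngularJS attaches the header, and when those conditions are not met the header is silently omitted rather than an error being raised. `$http` copies the cookie value into `Request-Token` only when the cookie is readable from script (so it must not be HttpOnly) and the request is same-origin, and browsers accept a `__Secure-` prefixed cookie only when it is set with the Secure attribute over HTTPS. I would extend the comment along the lines of `// $http sends the header only for same-origin requests and only if the cookie is script-readable (not HttpOnly); both names must stay in sync with StandardCookieCsrfTokenRepository`. Whether the server rejects state-changing requests that arrive without the header is not visible from this hunk, so it is worth confirming with a request that lacks the cookie. AppRun's body continues outside the hunk.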