Add CSRF check to more websockets
This adds the token to more websockets that were
missing it.
Change-Id: I633ce28ec9602d33a79d613f94582ba0ff265368
Signed-off-by: James Feist <james.feist@linux.intel.com>
diff --git a/app/common/directives/app-header.js b/app/common/directives/app-header.js
index df39772..7f8459f 100644
--- a/app/common/directives/app-header.js
+++ b/app/common/directives/app-header.js
@@ -9,10 +9,11 @@
'template': require('./app-header.html'),
'scope': {'path': '='},
'controller': [
- '$rootScope', '$scope', 'dataService', 'userModel', '$location',
- '$route',
+ '$rootScope', '$cookies', '$scope', 'dataService', 'userModel',
+ '$location', '$route',
function(
- $rootScope, $scope, dataService, userModel, $location, $route) {
+ $rootScope, $cookies, $scope, dataService, userModel, $location,
+ $route) {
$scope.dataService = dataService;
$scope.username = '';
@@ -20,8 +21,9 @@
// Create a secure websocket with URL as /subscribe
// TODO: Need to put in a generic APIUtils to avoid duplicate
// controller
+ var token = $cookies.get('XSRF-TOKEN');
var ws = new WebSocket(
- 'wss://' + dataService.server_id + '/subscribe');
+ 'wss://' + dataService.server_id + '/subscribe', [token]);
} catch (error) {
console.log('WebSocket', error);
}
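Review bot: `$cookies.get('XSRF-TOKEN')` returns undefined when the cookie is absent (for example after the session has expired), and `[token]` is then stringified, so the handshake offers the literal subprotocol `undefined` instead of failing early. I would check the value before opening the socket, e.g. `if (!token) { console.log('WebSocket', 'missing XSRF token'); return; }`, so a missing token shows up as a clear client-side error rather than a rejected handshake. The same unchecked read feeds the `NBDServer` call and `NBDServer.start` in virtual-media-controller.js. The enclosing try block starts outside this hunk, so check against the full function whether an early return fits there.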
diff --git a/app/server-control/controllers/virtual-media-controller.js b/app/server-control/controllers/virtual-media-controller.js
index 19c7e73..60ef92b 100644
--- a/app/server-control/controllers/virtual-media-controller.js
+++ b/app/server-control/controllers/virtual-media-controller.js
@@ -10,8 +10,11 @@
'use strict';
angular.module('app.serverControl').controller('virtualMediaController', [
- '$scope', 'APIUtils', 'toastService', 'dataService', 'nbdServerService',
- function($scope, APIUtils, toastService, dataService, nbdServerService) {
+ '$scope', '$cookies', 'APIUtils', 'toastService', 'dataService',
+ 'nbdServerService',
+ function(
+ $scope, $cookies, APIUtils, toastService, dataService,
+ nbdServerService) {
$scope.devices = [];
// Only one Virtual Media WebSocket device is currently available.
@@ -31,7 +34,9 @@
var file = $scope.devices[index].file;
var id = $scope.devices[index].id;
var host = dataService.getHost().replace('https://', '');
- var server = new NBDServer('wss://' + host + '/vm/0/' + id, file, id);
+ var token = $cookies.get('XSRF-TOKEN');
+ var server =
+ new NBDServer('wss://' + host + '/vm/0/' + id, token, file, id);
$scope.devices[index].nbdServer = server;
nbdServerService.addConnection(id, server, file);
server.start();
@@ -97,7 +102,7 @@
const NBD_STATE_WAIT_OPTION = 4;
const NBD_STATE_TRANSMISSION = 5;
-function NBDServer(endpoint, file, id) {
+function NBDServer(endpoint, token, file, id) {
this.file = file;
this.id = id;
this.endpoint = endpoint;
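Review bot: Inserting `token` as the second positional parameter silently changes the meaning of any existing `NBDServer(endpoint, file, id)` call. A caller that is not updated would pass the file as the token and the id as the file, with no error raised. Only one call site is updated in this diff, so confirm there are no others, or append the new parameter at the end instead. A one-line comment on the constructor would also help, such as `// token: XSRF token offered as the WebSocket subprotocol for the server-side CSRF check`. The constructor body continues outside the hunk.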
@@ -106,7 +111,7 @@
this.msgbuf = null;
this.start = function() {
- this.ws = new WebSocket(this.endpoint);
+ this.ws = new WebSocket(this.endpoint, [token]);
this.state = NBD_STATE_OPEN;
this.ws.binaryType = 'arraybuffer';
this.ws.onmessage = this._on_ws_message.bind(this);
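Review bot: `new WebSocket(this.endpoint, [token])` in `start` throws a SyntaxError when the protocol string is empty or contains characters not allowed in a subprotocol name. No try/catch is visible around it here, unlike the socket in app-header.js. I would wrap it, e.g. `try { this.ws = new WebSocket(this.endpoint, [token]); } catch (e) { console.log('WebSocket', e); return; }`, so a malformed token does not leave the device in a half-started state. The token now travels in the `Sec-WebSocket-Protocol` request header, so also confirm that proxies and server access logs in front of this endpoint do not record that header. `start` continues past the end of the hunk.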