Add CSRF check to more websockets
This adds the token to more websockets that were
missing it.
Change-Id: I633ce28ec9602d33a79d613f94582ba0ff265368
Signed-off-by: James Feist <james.feist@linux.intel.com>
diff --git a/app/common/directives/app-header.js b/app/common/directives/app-header.js
index df39772..7f8459f 100644
--- a/app/common/directives/app-header.js
+++ b/app/common/directives/app-header.js
@@ -9,10 +9,11 @@
'template': require('./app-header.html'),
'scope': {'path': '='},
'controller': [
- '$rootScope', '$scope', 'dataService', 'userModel', '$location',
- '$route',
+ '$rootScope', '$cookies', '$scope', 'dataService', 'userModel',
+ '$location', '$route',
function(
- $rootScope, $scope, dataService, userModel, $location, $route) {
+ $rootScope, $cookies, $scope, dataService, userModel, $location,
+ $route) {
$scope.dataService = dataService;
$scope.username = '';
@@ -20,8 +21,9 @@
// Create a secure websocket with URL as /subscribe
// TODO: Need to put in a generic APIUtils to avoid duplicate
// controller
+ var token = $cookies.get('XSRF-TOKEN');
var ws = new WebSocket(
- 'wss://' + dataService.server_id + '/subscribe');
+ 'wss://' + dataService.server_id + '/subscribe', [token]);
} catch (error) {
console.log('WebSocket', error);
}