Add CSRF to all remaining websockets
This passes the CSRF token with the websocket so that
the pages continue to work after CSRF protection is added.
Tested: Verified SOL still worked
Change-Id: I8f1066c2769f92034c349e7112ebc1070adcd35b
Signed-off-by: James Feist <james.feist@linux.intel.com>
diff --git a/app/common/directives/serial-console.js b/app/common/directives/serial-console.js
index 0a821db..6e0137a 100644
--- a/app/common/directives/serial-console.js
+++ b/app/common/directives/serial-console.js
@@ -55,8 +55,8 @@
'template': require('./serial-console.html'),
'scope': {'path': '=', 'showTabBtn': '=?'},
'controller': [
- '$scope', '$window', 'dataService', '$element',
- function($scope, $window, dataService, $element) {
+ '$scope', '$cookies', '$window', 'dataService', '$element',
+ function($scope, $cookies, $window, dataService, $element) {
$scope.dataService = dataService;
// See https://github.com/xtermjs/xterm.js/ for available xterm
@@ -102,8 +102,9 @@
term.setOption('theme', SOL_THEME);
var hostname = dataService.getHost().replace('https://', '');
var host = 'wss://' + hostname + '/console0';
+ var token = $cookies.get('XSRF-TOKEN');
try {
- var ws = new WebSocket(host);
+ var ws = new WebSocket(host, [token]);
term.attach(ws);
ws.onopen = function() {
console.log('websocket opened');
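Review bot: `$cookies.get('XSRF-TOKEN')` returns undefined when the cookie is absent (expired session, cookie not yet set), and the added `new WebSocket(host, [token])` would then most likely stringify it, so the handshake offers the literal subprotocol `undefined` instead of failing clearly on the client. A guard before the `try`, such as `if (!token) { console.log('XSRF-TOKEN cookie missing, console websocket not opened'); return; }`, would make that case explicit. The controller body continues outside the hunk, so the right place for the early exit should be checked against the full function. The three `/subscribe` hunks in api-utils.js read the cookie the same way and have the same gap.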
diff --git a/app/common/services/api-utils.js b/app/common/services/api-utils.js
index 091f72b..8e25b9c 100644
--- a/app/common/services/api-utils.js
+++ b/app/common/services/api-utils.js
@@ -9,8 +9,8 @@
window.angular && (function(angular) {
'use strict';
angular.module('app.common.services').factory('APIUtils', [
- '$http', 'Constants', '$q', 'dataService', '$interval',
- function($http, Constants, $q, DataService, $interval) {
+ '$http', '$cookies', 'Constants', '$q', 'dataService', '$interval',
+ function($http, $cookies, Constants, $q, DataService, $interval) {
var getScaledValue = function(value, scale) {
scale = scale + '';
scale = parseInt(scale, 10);
@@ -139,9 +139,9 @@
ws.close();
deferred.reject(new Error(Constants.MESSAGES.POLL.HOST_ON_TIMEOUT));
}, Constants.TIMEOUT.HOST_ON);
-
- var ws =
- new WebSocket('wss://' + DataService.server_id + '/subscribe');
+ var token = $cookies.get('XSRF-TOKEN');
+ var ws = new WebSocket(
+ 'wss://' + DataService.server_id + '/subscribe', [token]);
var data = JSON.stringify({
'paths': ['/xyz/openbmc_project/state/host0'],
'interfaces': ['xyz.openbmc_project.State.Host']
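Review bot: The added `var token = $cookies.get('XSRF-TOKEN');` and `new WebSocket(... '/subscribe', [token])` lines appear here and again in the two later hunks at -175 and -220, so the token handling now lives in three copies. A small factory-local helper, e.g. `var openSubscribeSocket = function() { return new WebSocket('wss://' + DataService.server_id + '/subscribe', [$cookies.get('XSRF-TOKEN')]); };`, would keep it in one place, so a later subscribe call is less likely to be added without the token. A one-line comment on it should say that the token is carried as the WebSocket subprotocol because the browser WebSocket API offers no way to set custom request headers. The enclosing functions start and end outside these hunks.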
@@ -175,8 +175,9 @@
deferred.reject(new Error(message));
}, timeout);
};
- var ws =
- new WebSocket('wss://' + DataService.server_id + '/subscribe');
+ var token = $cookies.get('XSRF-TOKEN');
+ var ws = new WebSocket(
+ 'wss://' + DataService.server_id + '/subscribe', [token]);
var data = JSON.stringify({
'paths': ['/xyz/openbmc_project/state/host0'],
'interfaces': ['xyz.openbmc_project.State.Host']
@@ -220,8 +221,9 @@
new Error(Constants.MESSAGES.POLL.HOST_OFF_TIMEOUT));
}, Constants.TIMEOUT.HOST_OFF);
- var ws =
- new WebSocket('wss://' + DataService.server_id + '/subscribe');
+ var token = $cookies.get('XSRF-TOKEN');
+ var ws = new WebSocket(
+ 'wss://' + DataService.server_id + '/subscribe', [token]);
var data = JSON.stringify({
'paths': ['/xyz/openbmc_project/state/host0'],
'interfaces': ['xyz.openbmc_project.State.Host']