Add CSRF to all remaining websockets
This passes the CSRF with the websocket so that
the pages continue to work after CSRF is added.
Tested: Verified SOL still worked
Change-Id: I8f1066c2769f92034c349e7112ebc1070adcd35b
Signed-off-by: James Feist <james.feist@linux.intel.com>
diff --git a/app/common/directives/serial-console.js b/app/common/directives/serial-console.js
index 0a821db..6e0137a 100644
--- a/app/common/directives/serial-console.js
+++ b/app/common/directives/serial-console.js
@@ -55,8 +55,8 @@
'template': require('./serial-console.html'),
'scope': {'path': '=', 'showTabBtn': '=?'},
'controller': [
- '$scope', '$window', 'dataService', '$element',
- function($scope, $window, dataService, $element) {
+ '$scope', '$cookies', '$window', 'dataService', '$element',
+ function($scope, $cookies, $window, dataService, $element) {
$scope.dataService = dataService;
// See https://github.com/xtermjs/xterm.js/ for available xterm
@@ -102,8 +102,9 @@
term.setOption('theme', SOL_THEME);
var hostname = dataService.getHost().replace('https://', '');
var host = 'wss://' + hostname + '/console0';
+ var token = $cookies.get('XSRF-TOKEN');
try {
- var ws = new WebSocket(host);
+ var ws = new WebSocket(host, [token]);
term.attach(ws);
ws.onopen = function() {
console.log('websocket opened');