Add CSRF to all remaining websockets This passes the CSRF with the websocket so that the pages continue to work after CSRF is added. Tested: Verified SOL still worked Change-Id: I8f1066c2769f92034c349e7112ebc1070adcd35b Signed-off-by: James Feist <james.feist@linux.intel.com>

commit: 6a8d180f284e513da2f3d8e0a76769e8b4108abf [log] [tgz]
author: James Feist <james.feist@linux.intel.com> Wed Apr 08 14:04:19 2020 -0700
committer: James Feist <james.feist@linux.intel.com> Tue Apr 14 15:36:23 2020 +0000
tree: 518568ed4c8f5f69a2353986a03de19fd9040d16
parent: c3f5e3181d8753c8741ccde0578dfea041e3afb2 [diff] [blame]
diff --git a/app/common/services/api-utils.js b/app/common/services/api-utils.js
index 091f72b..8e25b9c 100644
--- a/app/common/services/api-utils.js
+++ b/app/common/services/api-utils.js

@@ -9,8 +9,8 @@
 window.angular && (function(angular) {
   'use strict';
   angular.module('app.common.services').factory('APIUtils', [
-    '$http', 'Constants', '$q', 'dataService', '$interval',
-    function($http, Constants, $q, DataService, $interval) {
+    '$http', '$cookies', 'Constants', '$q', 'dataService', '$interval',
+    function($http, $cookies, Constants, $q, DataService, $interval) {
       var getScaledValue = function(value, scale) {
         scale = scale + '';
         scale = parseInt(scale, 10);
@@ -139,9 +139,9 @@
             ws.close();
             deferred.reject(new Error(Constants.MESSAGES.POLL.HOST_ON_TIMEOUT));
           }, Constants.TIMEOUT.HOST_ON);
-
-          var ws =
-              new WebSocket('wss://' + DataService.server_id + '/subscribe');
+          var token = $cookies.get('XSRF-TOKEN');
+          var ws = new WebSocket(
+              'wss://' + DataService.server_id + '/subscribe', [token]);
           var data = JSON.stringify({
             'paths': ['/xyz/openbmc_project/state/host0'],
             'interfaces': ['xyz.openbmc_project.State.Host']
@@ -175,8 +175,9 @@
               deferred.reject(new Error(message));
             }, timeout);
           };
-          var ws =
-              new WebSocket('wss://' + DataService.server_id + '/subscribe');
+          var token = $cookies.get('XSRF-TOKEN');
+          var ws = new WebSocket(
+              'wss://' + DataService.server_id + '/subscribe', [token]);
           var data = JSON.stringify({
             'paths': ['/xyz/openbmc_project/state/host0'],
             'interfaces': ['xyz.openbmc_project.State.Host']
@@ -220,8 +221,9 @@
                 new Error(Constants.MESSAGES.POLL.HOST_OFF_TIMEOUT));
           }, Constants.TIMEOUT.HOST_OFF);
 
-          var ws =
-              new WebSocket('wss://' + DataService.server_id + '/subscribe');
+          var token = $cookies.get('XSRF-TOKEN');
+          var ws = new WebSocket(
+              'wss://' + DataService.server_id + '/subscribe', [token]);
           var data = JSON.stringify({
             'paths': ['/xyz/openbmc_project/state/host0'],
             'interfaces': ['xyz.openbmc_project.State.Host']
commit	6a8d180f284e513da2f3d8e0a76769e8b4108abf	[log] [tgz]
author	James Feist <james.feist@linux.intel.com>	Wed Apr 08 14:04:19 2020 -0700
committer	James Feist <james.feist@linux.intel.com>	Tue Apr 14 15:36:23 2020 +0000
tree	518568ed4c8f5f69a2353986a03de19fd9040d16
parent	c3f5e3181d8753c8741ccde0578dfea041e3afb2 [diff] [blame]