Add XSRF token into websocket request
Add XSRF token so we can implement CRSF checking
on websockets.
Tested: Saw it in bmcweb logs
Change-Id: Ie9479508bc69fad631f66fb282133ad18d025300
Signed-off-by: James Feist <james.feist@linux.intel.com>
diff --git a/app/server-control/directives/kvm-console.js b/app/server-control/directives/kvm-console.js
index 913990d..f00d802 100644
--- a/app/server-control/directives/kvm-console.js
+++ b/app/server-control/directives/kvm-console.js
@@ -12,7 +12,7 @@
'use strict';
angular.module('app.serverControl').directive('kvmConsole', [
- '$log', '$location',
+ '$log', '$cookies', '$location',
function($log, $location) {
return {
restrict: 'E', template: require('./kvm-console.html'),
@@ -42,9 +42,10 @@
var port = $location.port();
var target = element[0].firstElementChild;
try {
+ var token = $cookies.get('XSRF-TOKEN');
rfb = new RFB(
- target, 'wss://' + host + ':' + port + '/kvm/0', {});
-
+ target, 'wss://' + host + '/kvm/0',
+ {'wsProtocols': [token]});
rfb.addEventListener('connect', connected);
rfb.addEventListener('disconnect', disconnected);
} catch (exc) {