[api] enable CSRF by default (#9205)

* [api] Fix, don't exempt CSRF on APIs

* adds cookie based CSRF token support

* blacking

Co-authored-by: ʈᵃᵢ <tdupreetan@gmail.com>
Daniel Vaz Gaspar
2020-03-03 12:22:40 +00:00
committed by GitHub
parent 28c05b22e8
commit 26e916e46b
4 changed files with 76 additions and 1 deletions


@@ -18,15 +18,19 @@
*/
/* eslint no-console: 0 */
import { SupersetClient } from '@superset-ui/connection';
import parseCookie from 'src/utils/parseCookie';
export default function setupClient() {
const csrfNode = document.querySelector('#csrf_token');
const csrfToken = csrfNode ? csrfNode.value : null;
// when using flask-jwt-extended csrf is set in cookies
const cookieCSRFToken = parseCookie().csrf_access_token || '';
SupersetClient.configure({
protocol: (window.location && window.location.protocol) || '',
host: (window.location && window.location.host) || '',
csrfToken,
csrfToken: csrfToken || cookieCSRFToken,
})
.init()
.catch(error => {