Add CSRF backward compatibility for older Sidecars

...who don't have the "X-Requested-By" header yet. Simply accepting "X-Graylog-Collector-Version" serves the same purpose. Relates to #4987
Graylog2 · Oct 9, 2018 · 4213f61 · 4213f61
1 parent 7e0701b
commit 4213f61
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/graylog2-server/src/main/java/org/graylog2/shared/rest/VerboseCsrfProtectionFilter.java b/graylog2-server/src/main/java/org/graylog2/shared/rest/VerboseCsrfProtectionFilter.java
@@ -26,7 +26,10 @@ public class VerboseCsrfProtectionFilter extends CsrfProtectionFilter {
     @Override
     public void filter(ContainerRequestContext rc) throws IOException {
         try {
-            super.filter(rc);
+            // Backward compatibility for Sidecars < 0.1.7
+            if (!rc.getHeaders().containsKey("X-Graylog-Collector-Version")) {
+                super.filter(rc);
+            }
         } catch (BadRequestException badRequestException) {
             throw new BadRequestException(
                     "CSRF protection header is missing. Please add a \"" + HEADER_NAME + "\" header to your request.",