[AIRFLOW-2866] Fix missing CSRF token head when using RBAC UI (apache…

…#3804)
aliceabe · Jan 3, 2019 · 5595c1e · 5595c1e
1 parent 2b10054
commit 5595c1e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/airflow/www_rbac/static/js/clock.js → airflow/www_rbac/static/js/base.js b/airflow/www_rbac/static/js/clock.js → airflow/www_rbac/static/js/base.js
@@ -33,4 +33,11 @@ function displayTime() {
 $(document).ready(function () {
   displayTime();
   $('span').tooltip();
+  $.ajaxSetup({
+    beforeSend: function(xhr, settings) {
+      if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
+        xhr.setRequestHeader("X-CSRFToken", csrfToken);
+      }
+    }
+  });
 });
diff --git a/airflow/www_rbac/templates/appbuilder/baselayout.html b/airflow/www_rbac/templates/appbuilder/baselayout.html
@@ -67,9 +67,9 @@
 {% block tail_js %}
 {{ super() }}
 <script type="text/javascript">
-  // below variables are used in clock.js
+  // below variables are used in base.js
   var hostName = '{{ hostname }}';
   var csrfToken = '{{ csrf_token() }}';
 </script>
-<script src="{{ url_for_asset('clock.js') }}" type="text/javascript"></script>
+<script src="{{ url_for_asset('base.js') }}" type="text/javascript"></script>
 {% endblock %}
diff --git a/airflow/www_rbac/webpack.config.js b/airflow/www_rbac/webpack.config.js
@@ -35,7 +35,7 @@ const BUILD_DIR = path.resolve(__dirname, './static/dist');
 const config = {
   entry: {
     connectionForm: `${STATIC_DIR}/js/connection_form.js`,
-    clock: `${STATIC_DIR}/js/clock.js`,
+    base: `${STATIC_DIR}/js/base.js`,
     graph: `${STATIC_DIR}/js/graph.js`,
     ganttChartD3v2: `${STATIC_DIR}/js/gantt-chart-d3v2.js`,
     main: `${STATIC_DIR}/css/main.css`,