Merge branch 'changes/xsrf_cookie_CO2' into 'master'

Added xsrf cookie to CO2 requests See merge request caimira/caimira!500
CERN · Jun 21, 2024 · c54b37a · c54b37a
2 parents d25b41b + a70c32e
commit c54b37a
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 7 deletions.
diff --git a/caimira/apps/calculator/__init__.py b/caimira/apps/calculator/__init__.py
@@ -434,13 +434,6 @@ def get(self):
 
 
 class CO2ModelResponse(BaseRequestHandler):
-    def check_xsrf_cookie(self):
-        """
-        This request handler implements a stateless API that returns report data in JSON format.
-        Thus, XSRF cookies are disabled by overriding base class implementation of this method with a pass statement.
-        """
-        pass
-
     async def post(self, endpoint: str) -> None:
         data_registry: DataRegistry = self.settings["data_registry"]
         data_service: typing.Optional[DataService] = self.settings.get("data_service", None)

diff --git a/caimira/apps/calculator/static/js/co2_form.js b/caimira/apps/calculator/static/js/co2_form.js
@@ -312,6 +312,11 @@ function plotCO2Data(url) {
     fetch(url, {
       method: "POST",
       body: JSON.stringify(CO2_mapping),
+      headers: {
+        "Content-Type": "application/json",
+        "X-XSRFToken": document.getElementsByName('_xsrf')[0].value
+      },
+      credentials: "include",
     }).then((response) =>
       response
         .json()
@@ -347,6 +352,11 @@ function submitFittingAlgorithm(url) {
     fetch(url, {
       method: "POST",
       body: JSON.stringify(CO2_mapping),
+      headers: {
+        "Content-Type": "application/json",
+        "X-XSRFToken": document.getElementsByName('_xsrf')[0].value
+      },
+      credentials: "include",
     })
       .then((response) => response.json())
       .then((json_response) => {