Fix XSRF-TOKEN issue (#198) (#199)

vmware · Dec 6, 2017 · 0721b38 · 0721b38
1 parent 64140c2
commit 0721b38
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/h5c/vic/src/vic-webapp/src/app/app.module.ts b/h5c/vic/src/vic-webapp/src/app/app.module.ts
@@ -17,7 +17,7 @@
 import { NgModule, ErrorHandler } from '@angular/core';
 import { BrowserModule } from '@angular/platform-browser';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
-import { HttpModule } from '@angular/http';
+import { HttpModule, XSRFStrategy } from '@angular/http';
 import { ClarityModule } from 'clarity-angular';
 import { AlertIconAndTypesService } from 'clarity-angular/emphasis/alert/providers/icon-and-types-service';
 
@@ -35,6 +35,7 @@ import { AppErrorHandler } from './shared/appErrorHandler';
 
 import { AppRoutingModule, routedComponents } from './app-routing.module';
 import { AppComponent } from './app.component';
+import { DisableCookieXSRFStrategy } from './shared/utils/disable-cookie-xsrf-strategy';
 
 @NgModule({
   imports: [
@@ -54,6 +55,7 @@ import { AppComponent } from './app.component';
     AppAlertService,
     AppErrorHandler,
     Globals,
+    { provide: XSRFStrategy, useClass: DisableCookieXSRFStrategy },
     GlobalsService,
     I18nService,
     Vic18nService,

diff --git a/h5c/vic/src/vic-webapp/src/app/shared/utils/disable-cookie-xsrf-strategy.ts b/h5c/vic/src/vic-webapp/src/app/shared/utils/disable-cookie-xsrf-strategy.ts
@@ -0,0 +1,27 @@
+/*
+ Copyright 2017 VMware, Inc. All Rights Reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+import { Injectable } from '@angular/core';
+import { XSRFStrategy, Request } from '@angular/http';
+
+/**
+ * Disables XSRF Strategy set enabled by default to prevent issue 195
+ * (see https://github.com/vmware/vic-ui/issues/195)
+ */
+
+@Injectable()
+export class DisableCookieXSRFStrategy implements XSRFStrategy {
+  configureRequest(req: Request): void {}
+}