Disable CSRF Protection
Change-Id: I150b141fdf7eb149ee55fae42968d1c4d5fcd162
Signed-off-by: Dirk Fauth <Dirk.Fauth@de.bosch.com>
diff --git a/manager/src/main/java/org/eclipse/app4mc/cloud/manager/WebSecurityConfig.java b/manager/src/main/java/org/eclipse/app4mc/cloud/manager/WebSecurityConfig.java
index c81ee1a..bbfced6 100644
--- a/manager/src/main/java/org/eclipse/app4mc/cloud/manager/WebSecurityConfig.java
+++ b/manager/src/main/java/org/eclipse/app4mc/cloud/manager/WebSecurityConfig.java
@@ -39,7 +39,10 @@
.permitAll()
.and()
.logout()
- .permitAll();
+ .permitAll()
+ .and()
+ .csrf()
+ .disable();
}
@Bean
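Review bot: The added `.csrf().disable()` at the end of this chain switches off request-forgery protection for every endpoint, while the chain still sets up a logout (and presumably a session login, which is not visible here) and the templates keep state-changing POSTs such as `/admin/remove/` in admin.html and the workflow form. Nothing in the commit records why the protection had to go; if only one client or route was being rejected, exempting just that path keeps the admin actions covered: `.csrf().ignoringAntMatchers("/<exempt-path>/**");` where `<exempt-path>` is a placeholder for the route that actually needs it. If the global disable is intentional, a comment above it should state the reason and what compensates for it (for example SameSite session cookies or an isolated deployment). The configure method starts outside this hunk, and the token meta tags, `beforeSend`/`ajaxSend` header code and hidden inputs removed in the admin.html and workflow.html hunks would need to stay if the protection is kept.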
diff --git a/manager/src/main/resources/templates/admin.html b/manager/src/main/resources/templates/admin.html
index 8941c63..107c8a6 100644
--- a/manager/src/main/resources/templates/admin.html
+++ b/manager/src/main/resources/templates/admin.html
@@ -3,8 +3,6 @@
<head>
<title>APP4MC Cloud Manager - Administration</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<meta id="_csrf" name="_csrf" th:content="${_csrf.token}"/>
-<meta id="_csrf_header" name="_csrf_header" th:content="${_csrf.headerName}"/>
<link href="webjars/bootstrap/4.5.2/css/bootstrap.min.css" rel="stylesheet">
<script src="webjars/jquery/3.5.1/jquery.min.js"></script>
<script type="module" src="webjars/popper.js/1.16.0/popper.min.js"></script>
@@ -16,9 +14,6 @@
$.ajax({
type: 'POST',
url: '/admin/remove/' + service,
- beforeSend: function(xhr) {
- xhr.setRequestHeader(header, token);
- },
success: function(result) {
location.reload();
}
@@ -69,7 +64,6 @@
</div>
</div>
<div class="row">
- <input type="hidden" id="service_csrf" th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>
<div class="col text-right" style="padding-right:2px">
<input type="submit" id="submitServicesButton" th:value="Save" class="btn btn-primary"/>
</div>
@@ -115,7 +109,6 @@
</div>
</div>
<div class="row">
- <input type="hidden" id="proxy_csrf" th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>
<div class="col text-right" style="padding-right:2px">
<input type="submit" id="submitProxyButton" th:value="Save" class="btn btn-primary mt-2"/>
</div>
diff --git a/manager/src/main/resources/templates/workflow.html b/manager/src/main/resources/templates/workflow.html
index c67d09b..de9203f 100644
--- a/manager/src/main/resources/templates/workflow.html
+++ b/manager/src/main/resources/templates/workflow.html
@@ -2,8 +2,6 @@
<head>
<title>APP4MC Cloud Manager - Workflow</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<meta id="_csrf" name="_csrf" th:content="${_csrf.token}"/>
-<meta id="_csrf_header" name="_csrf_header" th:content="${_csrf.headerName}"/>
<link href="webjars/bootstrap/4.5.2/css/bootstrap.min.css" rel="stylesheet">
<script src="webjars/jquery/3.5.1/jquery.min.js"></script>
<script type="module" src="webjars/popper.js/1.16.0/popper.min.js"></script>
@@ -42,14 +40,6 @@
});
}
-$(function () {
- var token = $("meta[name='_csrf']").attr("content");
- var header = $("meta[name='_csrf_header']").attr("content");
- $(document).ajaxSend(function(e, xhr, options) {
- xhr.setRequestHeader(header, token);
- });
-});
-
$(document).ready(function(){
$('#selectedServicesBlock').load('/selectedServices');
$('#messagesBlock').load('/messages');
@@ -96,7 +86,6 @@
</div>
</div>
<div class="form-row">
- <input type="hidden" id="service_csrf" th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>
<div class="col text-center">
<input type="submit" value="Start workflow" class="btn btn-primary mt-2" onClick="this.form.submit(); this.disabled=true; this.value='Processing…'; "/>
</div>