From f272d9136d6482b7200833039fb192a97dc84fc6 Mon Sep 17 00:00:00 2001 From: BubaVV Date: Mon, 18 Mar 2019 18:16:03 +0200 Subject: [PATCH] Fix CSRF error on Images dashboard Proposed patch correctly passes CSRF token to Angular application with CSRF_COOKIE_HTTPONLY config option turned on. Also, minor release note warning fixed Change-Id: Iec90643078dcf3ed4ad786ecc21bfb067a242c6d Closes-bug: #1819423 --- horizon/browsers/views.py | 3 +++ openstack_dashboard/templates/angular.html | 3 +++ 2 files changed, 6 insertions(+) diff --git a/horizon/browsers/views.py b/horizon/browsers/views.py index 4d89a97989..383b2de01a 100644 --- a/horizon/browsers/views.py +++ b/horizon/browsers/views.py @@ -12,6 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. +from django.conf import settings from django.utils.translation import ugettext_lazy as _ from django.views import generic @@ -79,6 +80,7 @@ class AngularIndexView(generic.TemplateView): def get_context_data(self, **kwargs): context = super(AngularIndexView, self).get_context_data(**kwargs) context["title"] = self.title + context["csrf_http"] = getattr(settings, 'CSRF_COOKIE_HTTPONLY', False) if self.page_title is None: context["page_title"] = self.title else: @@ -100,6 +102,7 @@ class AngularDetailsView(generic.TemplateView): title = _("Horizon") context["title"] = title context["page_title"] = title + context["csrf_http"] = getattr(settings, 'CSRF_COOKIE_HTTPONLY', False) # set default dashboard and panel dashboard = horizon.get_default_dashboard() self.request.horizon['dashboard'] = dashboard diff --git a/openstack_dashboard/templates/angular.html b/openstack_dashboard/templates/angular.html index 332f42e85e..ea5320270b 100644 --- a/openstack_dashboard/templates/angular.html +++ b/openstack_dashboard/templates/angular.html @@ -10,6 +10,9 @@ {% endblock %} {% block main %} +{% if csrf_http %} + {% csrf_token %} +{% endif %}
{% endblock %}