Fix CSRF error on Images dashboard

Proposed patch correctly passes CSRF token to Angular application with CSRF_COOKIE_HTTPONLY config option turned on. Also, minor release note warning fixed Change-Id: Iec90643078dcf3ed4ad786ecc21bfb067a242c6d Closes-bug: #1819423
2019-03-18 18:16:03 +02:00 · 2019-03-18 18:16:03 +02:00 · f272d9136d
parent f15a8071bb
commit f272d9136d
2 changed files with 6 additions and 0 deletions
--- a/horizon/browsers/views.py
+++ b/horizon/browsers/views.py
@ -12,6 +12,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+from django.conf import settings
 from django.utils.translation import ugettext_lazy as _
 from django.views import generic

@ -79,6 +80,7 @@ class AngularIndexView(generic.TemplateView):
    def get_context_data(self, **kwargs):
        context = super(AngularIndexView, self).get_context_data(**kwargs)
        context["title"] = self.title
+        context["csrf_http"] = getattr(settings, 'CSRF_COOKIE_HTTPONLY', False)
        if self.page_title is None:
            context["page_title"] = self.title
        else:
@ -100,6 +102,7 @@ class AngularDetailsView(generic.TemplateView):
        title = _("Horizon")
        context["title"] = title
        context["page_title"] = title
+        context["csrf_http"] = getattr(settings, 'CSRF_COOKIE_HTTPONLY', False)
        # set default dashboard and panel
        dashboard = horizon.get_default_dashboard()
        self.request.horizon['dashboard'] = dashboard
--- a/openstack_dashboard/templates/angular.html
+++ b/openstack_dashboard/templates/angular.html
@ -10,6 +10,9 @@
 {% endblock %}

 {% block main %}
+{% if csrf_http %}
+  {% csrf_token %}
+{% endif %}
  <div ng-view></div>
  <ngdetails routed-by-django="{{ routed_by_django }}">
 {% endblock %}