Added xsrf cookie to CO2 requests;

2024-06-12 16:14:50 +02:00 · 2024-06-12 16:14:50 +02:00 · a70c32e060
commit a70c32e060
parent d25b41b9de
2 changed files with 10 additions and 7 deletions
--- a/caimira/apps/calculator/init.py
+++ b/caimira/apps/calculator/init.py
@ -434,13 +434,6 @@ class GenericExtraPage(BaseRequestHandler):


 class CO2ModelResponse(BaseRequestHandler):
-    def check_xsrf_cookie(self):
-        """
-        This request handler implements a stateless API that returns report data in JSON format.
-        Thus, XSRF cookies are disabled by overriding base class implementation of this method with a pass statement.
-        """
-        pass
-
    async def post(self, endpoint: str) -> None:
        data_registry: DataRegistry = self.settings["data_registry"]
        data_service: typing.Optional[DataService] = self.settings.get("data_service", None)
--- a/caimira/apps/calculator/static/js/co2_form.js
+++ b/caimira/apps/calculator/static/js/co2_form.js
@ -312,6 +312,11 @@ function plotCO2Data(url) {
    fetch(url, {
      method: "POST",
      body: JSON.stringify(CO2_mapping),
+      headers: {
+        "Content-Type": "application/json",
+        "X-XSRFToken": document.getElementsByName('_xsrf')[0].value
+      },
+      credentials: "include",
    }).then((response) =>
      response
        .json()
@ -347,6 +352,11 @@ function submitFittingAlgorithm(url) {
    fetch(url, {
      method: "POST",
      body: JSON.stringify(CO2_mapping),
+      headers: {
+        "Content-Type": "application/json",
+        "X-XSRFToken": document.getElementsByName('_xsrf')[0].value
+      },
+      credentials: "include",
    })
      .then((response) => response.json())
      .then((json_response) => {