Merge branch 'changes/xsrf_cookie_CO2' into 'master'

Added xsrf cookie to CO2 requests See merge request caimira/caimira!500
2024-06-21 17:30:43 +02:00 · 2024-06-21 17:30:43 +02:00 · c54b37a37c
commit c54b37a37c
parent d25b41b9de a70c32e060
2 changed files with 10 additions and 7 deletions
--- a/caimira/apps/calculator/init.py
+++ b/caimira/apps/calculator/init.py
@ -434,13 +434,6 @@ class GenericExtraPage(BaseRequestHandler):


 class CO2ModelResponse(BaseRequestHandler):
-    def check_xsrf_cookie(self):
-        """
-        This request handler implements a stateless API that returns report data in JSON format.
-        Thus, XSRF cookies are disabled by overriding base class implementation of this method with a pass statement.
-        """
-        pass
-
    async def post(self, endpoint: str) -> None:
        data_registry: DataRegistry = self.settings["data_registry"]
        data_service: typing.Optional[DataService] = self.settings.get("data_service", None)
--- a/caimira/apps/calculator/static/js/co2_form.js
+++ b/caimira/apps/calculator/static/js/co2_form.js
@ -312,6 +312,11 @@ function plotCO2Data(url) {
    fetch(url, {
      method: "POST",
      body: JSON.stringify(CO2_mapping),
+      headers: {
+        "Content-Type": "application/json",
+        "X-XSRFToken": document.getElementsByName('_xsrf')[0].value
+      },
+      credentials: "include",
    }).then((response) =>
      response
        .json()
@ -347,6 +352,11 @@ function submitFittingAlgorithm(url) {
    fetch(url, {
      method: "POST",
      body: JSON.stringify(CO2_mapping),
+      headers: {
+        "Content-Type": "application/json",
+        "X-XSRFToken": document.getElementsByName('_xsrf')[0].value
+      },
+      credentials: "include",
    })
      .then((response) => response.json())
      .then((json_response) => {