[IMPROVEMENT] Simplify accessibility of CSRF token

    • Type: Sub-task
    • Resolution: Fixed
    • Priority: L3 - Default
    • 7.14.0, 7.14.0-alpha2
    • Affects Version/s: None
    • Component/s: None
    • None

      Problem

      • It is hard for the user to perform modifying requests because the CSRF token is not available
      • Previously, the AngularJS Cockpit took care of providing the CSRF token

      Reasoning

      • The getting started experience for users would be better if the CSRF token could be accessed directly from the render method
      • CSRF prevention is not standardized, so the implemented behavior differs from webapp to webapp (we use the `Set-Cookie` approach) [1]
      • From a user's perspective, it is hard to learn how the CSRF token can be accessed

      Solution

      Pass the CSRF token into the render method.

      [1] https://stackoverflow.com/questions/20504846/why-is-it-common-to-put-csrf-prevention-tokens-in-cookies#answer-20518324
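
A sketch of what the `Set-Cookie` approach from the Reasoning section asks of client code that sends a modifying request, when the token is not handed over directly. This is an added example, not code from the ticket or the project; the cookie name `XSRF-TOKEN`, the header name `X-XSRF-TOKEN`, and the helpers `readCsrfToken` and `withCsrf` are assumptions for illustration, and the cookie must be readable by script (not `HttpOnly`).

```javascript
// Added example. Cookie and header names are assumptions, not from the ticket.
const CSRF_COOKIE = "XSRF-TOKEN";
const CSRF_HEADER = "X-XSRF-TOKEN";
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Extract the token from a Cookie-style string such as document.cookie.
// Matches the cookie name exactly, so "MYXSRF-TOKEN" is not picked up.
function readCsrfToken(cookieString, name = CSRF_COOKIE) {
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    const raw = part.slice(eq + 1).trim();
    try {
      return decodeURIComponent(raw);
    } catch (_) {
      return raw; // malformed percent-encoding: fall back to the raw value
    }
  }
  return null;
}

// Build fetch() options and attach the token only to modifying requests.
// Fails closed: a modifying request without a token is never built.
function withCsrf(method, cookieString, init = {}) {
  const verb = method.toUpperCase();
  const headers = { ...(init.headers || {}) };
  if (!SAFE_METHODS.has(verb)) {
    const token = readCsrfToken(cookieString);
    if (!token) {
      throw new Error("no CSRF token cookie; refusing to send " + verb);
    }
    headers[CSRF_HEADER] = token;
  }
  return { ...init, method: verb, headers, credentials: "same-origin" };
}

// Constructed sample cookie string (not real session data).
const sampleCookies = "JSESSIONID=abc123; XSRF-TOKEN=3F2A%2D9C1E; theme=dark";
const opts = withCsrf("post", sampleCookies, {
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ suspended: true }),
});
console.log(opts.method, opts.headers[CSRF_HEADER]);
// In a browser: fetch(url, withCsrf("POST", document.cookie, { body }))
```
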

            Assignee:
            Hariharan Parasuraman
            Reporter:
            Tassilo Weidner-Mühl